Make some adjustments to blocking behavior regarding the forums:
* Pre-existing bug: on a forum's home page (threads list), if a thread was
created by a blocked user, the thread still appeared with the user's name and
picture visible. Now: their picture and name will be "[unavailable]" but the
thread title/message and link to the thread will remain. Note: in the thread
view itself, posts by the blocked user will be missing as normal.
* Make some tweaks to allow forum moderators (and owners of user-owned forums)
able to see messages from blocked users on their forum:
* In threads: a blocked user's picture and name are "[unavailable]" but the
content of their message is still shown, and can be deleted by moderators.
Misc fixes:
* Private photos: when viewing your granted/grantee lists, hide users whose
accounts are inactive or who are blocked.
* CertifiedSince: in case a user was manually certified but their cert photo
status is not correct, return their user CreatedAt time instead.
* The Explore tab can now sort forums by their:
* Most recently updated thread
* Topics, Posts or Users (counts)
* Show owner information in forum cards
* Passive pagination support for the "My List" on forum home page.
* Only visible when there are >20 favorited Forums.
* The bottoms of threads have moderator buttons now, to easily Pin or
Unpin the thread (for Owners + Admins) or to Lock/Unlock the thread
(all moderators).
* Forums are disowned on user account deletion (their owner_id=0)
* A forum without an owner shows a notice at the bottom with a link to petition
to adopt the forum. It goes to the Contact form with a special subject.
* Note: there is no easy way to re-assign ownership yet other than a direct
database query.
* Code cleanup
* Alphabetize the DB.AutoMigrate tables.
* Delete more things on user deletion: forum_memberships, admin_group_users
* Vacuum worker to clean up orphaned polls after the threads are removed
Add minimum quotas for users to earn the ability to create custom forums.
The entry requirements that could earn the first forum include:
1. Having a Certified account status for at least 45 days.
2. Having written 10 posts or replies in the forums.
Additional quota is granted in increasing difficulty based on the count of
forum posts created.
Other changes:
* Admin view of Manage Forums can filter for official/community.
* "Certified Since" now shown on profile pages.
* Update FAQ page for Forums feature.
* Add a "Report" link to the footer of forums.
* Allow some non-admin users to view a private forum and its threads.
* Moderators and approved followers can see it
* Note: the endpoint to follow a forum won't let a user invite themselves
to a private forum. Currently there is no way to approve a user except
by also adding them as a moderator.
* Explore and Newest tabs can show these private forums if viewable.
* Private forums: CanBeSeenBy moderators, approved followers, its owner and
admin users.
* Note: the endpoint to subscribe to the forum won't allow users to follow
the private forum, so approved followers can not be created at this time,
except by adding them as moderators.
* Admins: when creating a forum they can choose "no category" to create it as
an unofficial community forum.
* Code cleanup
* More feature flag checking
* The "Newest" tab of the forum is updated with new filter options.
* Which forums: All, Official, Community, My List
* Show: By threads, All posts
* The option for "Which forums" is saved in the user's preferences and set as
their default on future visits, similar to the Site Gallery "Whose photos"
option.
* So users can subscribe to their favorite forums and always get their latest
posts easily while filtering out the rest.
* Forum Moderators
* Add the ability to add and remove moderators for your forum.
* Users are notified when they are added as a moderator.
* Moderators can opt themselves out by unfollowing the forum.
* ForumMembership: add unique constraint on user_id,forum_id.
* Add "Browse" tab to the forums to view them all.
* Text search
* Show all, official, community, or "My List" forums.
* Add a Follow/Unfollow button into the header bar of forums to add it to
"My List"
* On the Categories page, a special "My List" category appears at the top
if the user follows categories, with their follows in alphabetical order.
* On the Categories & Browse pages: forums you follow will have a green
bookmark icon by their name.
Permissions:
* The forum owner is able to Delete comments by others, but not Edit.
Notes:
* Currently a max limit of 100 follow forums (no pagination yet).
Allow regular (non-admin) users access to the Manage Forums page so they can
create and manage their own forums.
Things that were already working:
* The admin forum page was already anticipating regular LoginRequired credential
* Users only see their owned forums, while admins can see and manage ALL forums
Improvements made to the Forum Admin page:
* Change the title color from admin-red to user-blue.
* Add ability to search (filter) and sort the forums.
Other changes:
* Turn the Forum tab bar into a reusable component.
* Add a world cities database with type-ahead search on the Member Directory.
* Users can search for a known city to order users by distance from that city
rather than from their own configured location on their settings page.
* Users must opt-in their own location before this feature may be used, in order
to increase adoption of the location feature and to enforce fairness.
* The `nonshy setup locations` command can import the world cities database.
* Add support for Web Push Notifications when users receive a new Message or
Friend Request on the main website.
* Users opt in or out of this on their Notification Settings. They can also
individually opt out of Message and Friend Request push notifications.
* Remove the ability for regular (non-admin) users to search the Member
Directory for non-certified profiles.
* Profiles who don't certify can be a risk to contact, as the likelihood
of fake pictures and scams/spam is much higher.
The pager widget will now show a dropdown menu of overflow pages in the
middle. This allows easy access to the First and Last pages and an
ability to select from any of the middle pages to jump to quickly.
The nonshy website is changing the policy on profile pictures. From August 30,
the square cropped avatar images will need to be publicly viewable to everyone.
This implements the first pass of the rollout:
* Add the Public Avatar Consent Page which explains the change to users and
asks for their acknowledgement. The link is available from their User Settings
page, near their Certification Photo link.
* When users (with non-public avatars) accept the change: their square cropped
avatar will become visible to everybody, instead of showing a placeholder
avatar.
* Users can change their mind and opt back out, which will again show the
placeholder avatar.
* The Certification Required middleware will automatically enforce the consent
page once the scheduled go-live date arrives.
Next steps are:
1. Post an announcement on the forum about the upcoming change and link users
to the consent form if they want to check it out early.
2. Update the nonshy site to add banners to places like the User Dashboard for
users who will be affected by the change, to link them to the forum post
and the consent page.
* Inner circle: users have the ability to remove themselves and can avoid being
invited again in the future.
* Admin actions: add a "Reset Password" ability to user accounts.
* Admin "Create New User" page.
* Rate limit error handling improvements for the login page.
* Add an Admin Certification Photo workflow where we can request the user to
upload a secondary form of ID (government issued photo ID showing their
face and date of birth).
* An admin rejection option can request secondary photo ID.
* It sends a distinct e-mail to the user apart from the regular rejection email
* It flags their cert photo as "Secondary Needed" forever: even if the user
removes their cert photo and starts from scratch, it will immediately request
secondary ID when uploading a new primary photo.
* Secondary photos are deleted from the server on both Approve and Reject by
the admin account, for user privacy.
* If approved, a Secondary Approved=true boolean is stored in the database. This
boolean is set to False if the user deletes their cert photo in the future.
* Add a transparency page where regular user accounts can list the roles and
permissions that an admin user has access to. It is available by clicking on
the "Admin" badge on that user's profile page.
* Add additional admin scopes to lock down more functionality:
* User feedback and reports
* Change logs
* User notes and admin notes
* Add friendly descriptions to what all the scopes mean in practice.
* Don't show admin notification badges to admins who aren't allowed to act on
those notifications.
* Update the admin dashboard page and documentation for admins.
* Dark theme fixes to brighten notification colors on mobile
* Add change log buttons around various pages to easily look into the history
of an object in the database:
* User profile page ('about user' and user table history links)
* User friends page
* User/Site gallery page (history of all (user) photos)
* Admin insights page (comments, threads, and blocklist history)
* Admin certification page (history of a user's cert photos)
* Comment history buttons on forums and photos