Commit Graph

20 Commits

Author SHA1 Message Date
Noah Petherbridge
6f5127dd56 Cold Storage with One-Way RSA Encryption 2024-05-29 23:20:24 -07:00
Noah Petherbridge
20d04fc370 Admin Transparency Page
* Add a transparency page where regular user accounts can list the roles and
  permissions that an admin user has access to. It is available by clicking on
  the "Admin" badge on that user's profile page.
* Add additional admin scopes to lock down more functionality:
  * User feedback and reports
  * Change logs
  * User notes and admin notes
* Add friendly descriptions to what all the scopes mean in practice.
* Don't show admin notification badges to admins who aren't allowed to act on
  those notifications.
* Update the admin dashboard page and documentation for admins.
2024-05-09 15:50:46 -07:00
Noah Petherbridge
763b9e4404 Text search for the change log 2024-04-04 23:05:16 -07:00
Noah Petherbridge
742a5fa1af Auto-Disconnect Users from Chat
Users whose accounts are no longer eligible to be in the chat room will be
disconnected immediately from chat when their account status changes.

The places in nonshy where these disconnects may happen include:

* When the user deactivates or deletes their account.
* When they modify their settings to mark their profile as 'private,' making
  them become a Shy Account.
* When they edit or delete their photos in case they have moved their final
  public photo to be private, making them become a Shy Account.
* When the user deletes their certification photo, or uploads a new cert photo
  to be reviewed (in both cases, losing account certified status).
* When an admin user rejects their certification photo, even retroactively.
* On admin actions against a user, including: banning them, deleting their
  user account.

Other changes made include:

* When signing up an account and e-mail sending is not enabled (e.g. local
  dev environment), the SignupToken is still created and logged to the console
  so you can continue the signup manually.
* On the new account DOB prompt, add a link to manually input their birthdate
  as text similar to on the Age Gate page.
2024-03-15 15:57:05 -07:00
Noah Petherbridge
2820cf581e Dedicated ChangeLog events for ban/lifecycle/admin changes 2024-02-25 17:36:01 -08:00
Noah Petherbridge
3142e0ce84 Change Log Updates
* Delete all change logs AboutUserID on account deletion, and export
  them in the data export zip.
* Log admin changes to ban/admin status of other users.
* Log user deactivations/reactivations and deletions (self serve or
  admin deletion).
2024-02-25 17:28:40 -08:00
Noah Petherbridge
f4d176a538 Change Logs
* Add a ChangeLog table to collect historic updates to various database tables.
* Created, Updated (with field diffs) and Deleted actions are logged, as well
  as certification photo approves/denies.
* Specific items added to the change log:
  * When a user photo is marked Explicit by an admin
  * When users block/unblock each other
  * When photo comments are posted, edited, and deleted
  * When forums are created, edited, and deleted
  * When forum comments are created, edited and deleted
  * When a new forum thread is created
  * When a user uploads or removes their own certification photo
  * When an admin approves or rejects a certification photo
  * When a user uploads, modifies or deletes their gallery photos
  * When a friend request is sent
  * When a friend request is accepted, ignored, or rejected
  * When a friendship is removed
2024-02-25 17:03:36 -08:00
Noah Petherbridge
7da650ffc4 Go 1.22 upgrade 2024-02-10 16:17:15 -08:00
Noah Petherbridge
7555dee944 Update admin feedback visitation links 2024-01-05 19:58:52 -08:00
Noah Petherbridge
be835ca8f9 Easy Mark Explicit button for admin users 2023-12-26 16:26:23 -08:00
Noah Petherbridge
fc8014913d Admin insights block lists page 2023-12-04 19:57:14 -08:00
Noah Petherbridge
bf71ed421c Maintenance Mode + Blockable Admin Scope 2023-08-16 22:09:04 -07:00
Noah Petherbridge
47aaf15078 Admin Groups & Permissions
Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.

* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
  action on the site. Scopes are assigned to Groups, and in turn, admin user
  accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
  permissions dashboard has a create-once action to initialize the Superusers
  for the first admin who clicks on it, and places that admin in the group.

The following are the exhaustive list of permission changes on the site:

* Moderator scopes:
    * Chat room (enter the room with Operator permission)
    * Forums (can edit or delete user posts on the forum)
    * Photo Gallery (can see all private/friends-only photos on the site
      gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
    * Approve: has access to the Pending tab to act on incoming pictures
    * List: can paginate thru past approved/rejected photos
    * View: can bring up specific user cert photo from their profile
    * The minimum requirement is Approve or else no cert photo page
      will load for your admin user.
* User Actions (each action individually scoped)
    * Impersonate
    * Ban
    * Delete
    * Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
  inner circle unless they have a specialized scope attached.

The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:

* Forum Admin (manage forums and their settings)
* Remove from inner circle
2023-08-01 20:39:48 -07:00
Noah Petherbridge
345285d7a3 Add Admin Guidelines to dashboard
* A reason must be entered to impersonate a user, and it triggers a
  Report and email notification to the admin.
* User gallery pages will show at the top whether the user had granted
  you access to their private photos.
2022-12-24 23:00:59 -08:00
6c91c67c97 More Private User Avatars
* Users who set their Profile Picture to "friends only" or "private" can have
  their avatar be private all over the website to users who are not their
  friends or not granted access.
* Users who are not your friends see a yellow placeholder avatar, and users
  not granted access to a private Profile Pic sees a purple avatar.
* Admin users see these same placeholder avatars most places too (on search,
  forums, comments, etc.) if the user did not friend or grant the admin. But
  admins ALWAYS see it on their Profile Page directly, for ability to moderate.
* Fix marking Notifications as read: clicking the link in an unread notification
  now will wait on the ajax request to finish before allowing the redirect.
* Update the FAQ
2022-09-08 21:42:20 -07:00
bbc6e354e2 Rename the module 2022-08-25 21:21:46 -07:00
93c13882aa Finish Forums + Likes & Notifications
Finish implementing the basic forum features:
* Pinned threads (admin or board owner only)
* Edit Thread settings when you edit the top-most comment.
* NoReply threads remove all the reply buttons.
* Explicit forums and threads are filtered out unless opted-in (admins
  always see them).
* Count the unique members who participated in each forum.
* Get the most recently updated thread to show on forum list page.
* Contact/Report page: handle receiving a comment ID to report on.

Implement Likes & Notifications
* Like buttons added to Photos and Profile Pages. Implemented via simple
  vanilla JS (likes.js) to make ajax requests to back-end to like/unlike.
* Notifications: for your photo or profile being liked. If you unlike,
  the existing notifications about the like are revoked.
* The notifications appear as an alert number in the nav bar and are read
  on the User Dashboard. Click to mark a notification as "read" or click
  the "mark all as read" button.

Update DeleteUser to scrub likes, notifications, threads, and comments.
2022-08-24 21:17:34 -07:00
e42cebe4b8 Contact Us, Feedback, and Reporting
* Add the Contact page where users can contact the site admins for feedback or
  to report a problematic user, photo or message.
* Reports go into the admin Feedback table.
* Admin nav bar indicates number of unread feedbacks.
* Add "Report" button to profile pages, photo cards, and the top of Direct
  Message threads.

Misc changes:

* Send emails out asynchronously for more responsive page loads.
2022-08-21 14:05:08 -07:00
e4406feb1e Admin Actions
* Add impersonate feature
* Add ban/unban user feature
* Add promote/demote admin status feature
* Add admin user deletion feature
* Admin ability to see other status certification pics
* Nav bar indicator of pending admin actions such as cert pics
  needing approval
* Admin ability to search cert pics for specific user
2022-08-14 16:27:57 -07:00
400a256ec8 Certification Photo Workflow
* Add "Site Gallery" page showing all public+gallery member photos.
* Add "Certification Required" decorator for gallery and other main pages.
* Add the Certification Photo workflow:
  * Users have a checklist on their dashboard to upload a profile pic
    and post a certification selfie (two requirements)
  * Admins notified by email when a new certification pic comes in.
  * Admin can reject (w/ comment) or approve the pic.
  * Users can re-upload or delete their pic at the cost of losing
    certification status if they make any such changes.
  * Users are emailed when their photo is either approved or rejected.
* User Preferences: can now save the explicit pref to your account.
* Explicit photos on user pages and site gallery are hidden if the
  current user hasn't opted-in (user can always see their own explicit
  photos regardless of the setting)
* If a user is viewing a member gallery and explicit pics are hidden, a
  count of the number of explicit pics is shown to inform the user that
  more DO exist, they just don't see them. The site gallery does not do
  this and simply hides explicit photos.
2022-08-13 15:39:31 -07:00