* Add endpoint /go/comment?id= that finds the right page that a comment
can be seen on for the current user and redirects there.
* Resolves issues with link discrepancies in comment notifications, if
the recipient sees different page numbers depending on blocklist
status.
* Supports copyable permalinks to any comment on the site reliably.
* Add a way for users to temporarily deactivate their accounts, in a
recoverable way should they decide to return later.
* A deactivated account may log in but have limited options: to
reactivate their account, permanently delete it, or log out.
* Fix several bugs around the display of comments, messages and
forum threads for disabled, banned, or blocked users:
* Messages (inbox and sentbox) will be hidden and the unread indicator
will not count unread messages the user can't access.
* Comments on photos and forum posts are hidden, and top-level threads
on the "Newest" tab will show "[unavailable]" for their text and
username.
* Your historical notifications will hide users who are blocked, banned
or disabled.
* Add a "Friends" tab to user profile pages, to see other users' friends.
* The page is Certification Required so non-cert users can't easily
discover any members on the site.
New feature: User Notes
* Add a "Notes" tab to user profile pages and galleries.
* Users can create one private note about another user.
* Admins can see all notes left about a user.
* Admins also see Feedback & Reports regarding the user on that page.
Bring back the online chatters list
* The Usernames are filtered down based on blocklist status.
Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.
* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
action on the site. Scopes are assigned to Groups, and in turn, admin user
accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
permissions dashboard has a create-once action to initialize the Superusers
for the first admin who clicks on it, and places that admin in the group.
The following are the exhaustive list of permission changes on the site:
* Moderator scopes:
* Chat room (enter the room with Operator permission)
* Forums (can edit or delete user posts on the forum)
* Photo Gallery (can see all private/friends-only photos on the site
gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
* Approve: has access to the Pending tab to act on incoming pictures
* List: can paginate thru past approved/rejected photos
* View: can bring up specific user cert photo from their profile
* The minimum requirement is Approve or else no cert photo page
will load for your admin user.
* User Actions (each action individually scoped)
* Impersonate
* Ban
* Delete
* Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
inner circle unless they have a specialized scope attached.
The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:
* Forum Admin (manage forums and their settings)
* Remove from inner circle
* Add they/them as example pronouns on the Edit Profile page and make
the examples clickable to fill them in easily.
* When viewing a photo gallery and you opt-out of explicit, have a link
to your settings page to opt-in.
* Update the rules on the homepage and signup page.
* Add a notice on DM pages about the privacy policy and TOS.
* Users with private profiles or no public photo at all are considered
to be Shy Accounts and are isolated from the non-shy profiles.
* Restrictions include:
* Site Gallery shows only them + their friends' photos.
* User Galleries: must be a friend or had private photos granted to
see a user's gallery page.
* DMs: can not initiate a DM to a non-shy member (other shy members
OK).
* A reason must be entered to impersonate a user, and it triggers a
Report and email notification to the admin.
* User gallery pages will show at the top whether the user had granted
you access to their private photos.
* Add support to upload a picture to forum posts and replies, in forums that
have the PermitPhotos setting enabled.
* New DB table: CommentPhoto holds the association between a photo and a
forum ID. Photos can be uploaded at preview time (before a CommentID is
available) and get associated to the CommentID on save.
* Cron endpoint /v1/comment-photos/remove-orphaned can clean up orphaned
photos without a CommentID older than 24 hours.
* Add "Photo Boards" as a default forum category for new boards.
* Enhance user experience replying to a forum thread. An inline reply textarea
is added to page footers, "Quote" buttons on posts will quote the markdown
source and focus the reply textarea, and "Reply" buttons will put an
"@ mention" and focus the reply textarea. Users with scripts disabled will
still be sent to the regular reply page as before.
* Improve all pagers by adding a "QueryPlus" template function that merges the
page number with other current query parameters.
* Fix private profile picture avatars not displaying in your Notifications for
profile pics you're allowed to see.
* For admins, make it a specific opt-in filter for the Site Gallery to
show all pictures regardless of friendship or grant (for moderation
purposes). On this view, Like and Comment buttons are taken away.
Non-admins are not shown the option and the back-end ignores the
parameter for them.
* Fix user avatars on compose and admin actions page.
* Users who set their Profile Picture to "friends only" or "private" can have
their avatar be private all over the website to users who are not their
friends or not granted access.
* Users who are not your friends see a yellow placeholder avatar, and users
not granted access to a private Profile Pic sees a purple avatar.
* Admin users see these same placeholder avatars most places too (on search,
forums, comments, etc.) if the user did not friend or grant the admin. But
admins ALWAYS see it on their Profile Page directly, for ability to moderate.
* Fix marking Notifications as read: clicking the link in an unread notification
now will wait on the ajax request to finish before allowing the redirect.
* Update the FAQ
* Add ability to unlock your private photos for others.
* Link to unlock is on another user's Photos page.
* You can also access your "Manage Private Photos" page in the User Menu
or Dashboard and add a user by username.
* See who you have granted access, and see users who have granted you
access to their private photos.
* Private photos of users who unlocked them for you may appear on the Site
Gallery if the photo allows.
* Add new filters to the Site Gallery: you can choose to filter by Explicit,
limit to a specific Visibility, and order by Newest or Oldest. Non-explicit
users do not get a filter to see explicit content - they must opt-in in
their settings.
* Bugfix: Site Gallery was not correctly filtering Explicit photos away from
users who did not opt-in for explicit!
* Add "Like" buttons to comments and forum posts.
* Make "private" profiles more private (logged-in users see only their profile
pic, display name, and can friend request or message, if they are not approved
friends of the private user)
* Add "logged-out view" visibility setting to profiles: to share a link to your
page on other sites. Opt-in setting - default is login required to view your
public profile page.
* CSRF cookie fix.
* Updated FAQ & Privacy pages.