* Add a way for users to temporarily deactivate their accounts, in a
recoverable way should they decide to return later.
* A deactivated account may log in but have limited options: to
reactivate their account, permanently delete it, or log out.
* Fix several bugs around the display of comments, messages and
forum threads for disabled, banned, or blocked users:
* Messages (inbox and sentbox) will be hidden and the unread indicator
will not count unread messages the user can't access.
* Comments on photos and forum posts are hidden, and top-level threads
on the "Newest" tab will show "[unavailable]" for their text and
username.
* Your historical notifications will hide users who are blocked, banned
or disabled.
* Add a "Friends" tab to user profile pages, to see other users' friends.
* The page is Certification Required so non-cert users can't easily
discover any members on the site.
New feature: User Notes
* Add a "Notes" tab to user profile pages and galleries.
* Users can create one private note about another user.
* Admins can see all notes left about a user.
* Admins also see Feedback & Reports regarding the user on that page.
Bring back the online chatters list
* The Usernames are filtered down based on blocklist status.
* Signup: if entering an existing email, don't admit that the email
exists. Instead, send a specialized email to its address.
* Search: no longer search for users by email address.
* Login: always hash the incoming password on user not found, to take
constant time compared to when the user did exist.
* Fix a pagination bug when a private (shy account) views a non-friend's
photo gallery.
* On user profile pages and gallery: the total photo count for the user
will only include photos that the viewer can actually see (taking into
account friendship and private grants), so that users won't harass
each other to see the additional photos that aren't visible to them.
* On the member directory search: the photo counts will only show public
photos on their page for now, and may be fewer than the number of
photos the current user could actually see.
* Blocklist: you can now manually add a user by username to your block
list. So if somebody blocked you on the site and you want to block
them back, there is a way to do this.
* Friends: you can now directly unfriend someone from their profile
page by clicking on the "Friends" button. You get a confirmation
popup before the remove friend action goes through.
* Bugfix: when viewing a user's gallery, you were able to see their
Friends-only photos if they granted you their Private photo access,
even if you were not their friend.
* Bugfix: when uploading a new private photo, instead of notifying
everybody you granted access to your privates it will only notify
if they are also on your friend list.
Added the ability to delete or clear notifications.
* A "Clear all" button deletes them all (with confirmation)
* A "Remove" button on individual notifications (one confirmation per
page load, so you can remove several without too much tedium)
Fix some things regarding private photo notifications:
* When notifying your existing grants about a new upload, only users who
opt-in for Explicit are notified about Explicit private pictures.
* When revoking private grants, clean up the "has uploaded a new private
photo" notifications for all of your pics from their notification
feeds.
Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.
* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
action on the site. Scopes are assigned to Groups, and in turn, admin user
accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
permissions dashboard has a create-once action to initialize the Superusers
for the first admin who clicks on it, and places that admin in the group.
The following are the exhaustive list of permission changes on the site:
* Moderator scopes:
* Chat room (enter the room with Operator permission)
* Forums (can edit or delete user posts on the forum)
* Photo Gallery (can see all private/friends-only photos on the site
gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
* Approve: has access to the Pending tab to act on incoming pictures
* List: can paginate thru past approved/rejected photos
* View: can bring up specific user cert photo from their profile
* The minimum requirement is Approve or else no cert photo page
will load for your admin user.
* User Actions (each action individually scoped)
* Impersonate
* Ban
* Delete
* Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
inner circle unless they have a specialized scope attached.
The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:
* Forum Admin (manage forums and their settings)
* Remove from inner circle
* Add they/them as example pronouns on the Edit Profile page and make
the examples clickable to fill them in easily.
* When viewing a photo gallery and you opt-out of explicit, have a link
to your settings page to opt-in.
* Update the rules on the homepage and signup page.
* Add a notice on DM pages about the privacy policy and TOS.
* Refactor the Settings page into a tabbed UI to reduce confusion with
all the different forms and save buttons
* Add a DM Privacy setting to your page
* Update the About page
* Users with private profiles or no public photo at all are considered
to be Shy Accounts and are isolated from the non-shy profiles.
* Restrictions include:
* Site Gallery shows only them + their friends' photos.
* User Galleries: must be a friend or had private photos granted to
see a user's gallery page.
* DMs: can not initiate a DM to a non-shy member (other shy members
OK).
* A reason must be entered to impersonate a user, and it triggers a
Report and email notification to the admin.
* User gallery pages will show at the top whether the user had granted
you access to their private photos.
* Add the PollVotes table and associated logic.
* Multiple choice polls supported.
* Expiring and non-expiring polls.
* Icons and badges on the forum pages to show posts with polls
* Bugfix: non-explicit users getting SQL errors on Newest Posts page.