The nonshy website is changing the policy on profile pictures. From August 30,
the square cropped avatar images will need to be publicly viewable to everyone.
This implements the first pass of the rollout:
* Add the Public Avatar Consent Page which explains the change to users and
asks for their acknowledgement. The link is available from their User Settings
page, near their Certification Photo link.
* When users (with non-public avatars) accept the change: their square cropped
avatar will become visible to everybody, instead of showing a placeholder
avatar.
* Users can change their mind and opt back out, which will again show the
placeholder avatar.
* The Certification Required middleware will automatically enforce the consent
page once the scheduled go-live date arrives.
Next steps are:
1. Post an announcement on the forum about the upcoming change and link users
to the consent form if they want to check it out early.
2. Update the nonshy site to add banners to places like the User Dashboard for
users who will be affected by the change, to link them to the forum post
and the consent page.
* Inner circle: users have the ability to remove themselves and can avoid being
invited again in the future.
* Admin actions: add a "Reset Password" ability to user accounts.
* Admin "Create New User" page.
* Rate limit error handling improvements for the login page.
* Add a transparency page where regular user accounts can list the roles and
permissions that an admin user has access to. It is available by clicking on
the "Admin" badge on that user's profile page.
* Add additional admin scopes to lock down more functionality:
* User feedback and reports
* Change logs
* User notes and admin notes
* Add friendly descriptions to what all the scopes mean in practice.
* Don't show admin notification badges to admins who aren't allowed to act on
those notifications.
* Update the admin dashboard page and documentation for admins.
* Add an Alt Text field for users to describe their photos for accessibility.
* Alt texts appear on mouse over on Gallery pages, in the lightbox modal (on
mouse over or by clicking the ALT button that appears), and in a box on the
permalink page below the photo caption.
* Max length of Alt Text is 5,000 characters.
* Fix a bug with the right-click blocker not working on the lightbox modal.
* Add a ChangeLog table to collect historic updates to various database tables.
* Created, Updated (with field diffs) and Deleted actions are logged, as well
as certification photo approves/denies.
* Specific items added to the change log:
* When a user photo is marked Explicit by an admin
* When users block/unblock each other
* When photo comments are posted, edited, and deleted
* When forums are created, edited, and deleted
* When forum comments are created, edited and deleted
* When a new forum thread is created
* When a user uploads or removes their own certification photo
* When an admin approves or rejects a certification photo
* When a user uploads, modifies or deletes their gallery photos
* When a friend request is sent
* When a friend request is accepted, ignored, or rejected
* When a friendship is removed
New feature: User Notes
* Add a "Notes" tab to user profile pages and galleries.
* Users can create one private note about another user.
* Admins can see all notes left about a user.
* Admins also see Feedback & Reports regarding the user on that page.
Bring back the online chatters list
* The Usernames are filtered down based on blocklist status.
Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.
* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
action on the site. Scopes are assigned to Groups, and in turn, admin user
accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
permissions dashboard has a create-once action to initialize the Superusers
for the first admin who clicks on it, and places that admin in the group.
The following are the exhaustive list of permission changes on the site:
* Moderator scopes:
* Chat room (enter the room with Operator permission)
* Forums (can edit or delete user posts on the forum)
* Photo Gallery (can see all private/friends-only photos on the site
gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
* Approve: has access to the Pending tab to act on incoming pictures
* List: can paginate thru past approved/rejected photos
* View: can bring up specific user cert photo from their profile
* The minimum requirement is Approve or else no cert photo page
will load for your admin user.
* User Actions (each action individually scoped)
* Impersonate
* Ban
* Delete
* Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
inner circle unless they have a specialized scope attached.
The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:
* Forum Admin (manage forums and their settings)
* Remove from inner circle
* Refactor the Settings page into a tabbed UI to reduce confusion with
all the different forms and save buttons
* Add a DM Privacy setting to your page
* Update the About page
* Add the PollVotes table and associated logic.
* Multiple choice polls supported.
* Expiring and non-expiring polls.
* Icons and badges on the forum pages to show posts with polls
* Bugfix: non-explicit users getting SQL errors on Newest Posts page.
Got initial Poll table and UI started:
* Polls can be attached to any NEW forum post (can't edit poll details
after creation)
* Max 100 options (theoretically unlimited), expiration time.
* UI: shows radio button list on posts having a poll, no submit handler
yet created.
The photo upload limit for user profiles is raised from 24 to 100.
The bug about Filesize not saving to the database for Photos and
CommentPhotos (storing zeroes in the DB) has been fixed. Run the
`nonshy backfill filesizes` to populate your existing database.
* Add support to upload a picture to forum posts and replies, in forums that
have the PermitPhotos setting enabled.
* New DB table: CommentPhoto holds the association between a photo and a
forum ID. Photos can be uploaded at preview time (before a CommentID is
available) and get associated to the CommentID on save.
* Cron endpoint /v1/comment-photos/remove-orphaned can clean up orphaned
photos without a CommentID older than 24 hours.
* Add "Photo Boards" as a default forum category for new boards.
* Add ability to unlock your private photos for others.
* Link to unlock is on another user's Photos page.
* You can also access your "Manage Private Photos" page in the User Menu
or Dashboard and add a user by username.
* See who you have granted access, and see users who have granted you
access to their private photos.
* Private photos of users who unlocked them for you may appear on the Site
Gallery if the photo allows.
* Add new filters to the Site Gallery: you can choose to filter by Explicit,
limit to a specific Visibility, and order by Newest or Oldest. Non-explicit
users do not get a filter to see explicit content - they must opt-in in
their settings.
* Bugfix: Site Gallery was not correctly filtering Explicit photos away from
users who did not opt-in for explicit!
* Add a "Newest" tab to the Forums landing page to order ALL forum posts
(comments) by most recent, paginated.
* Add a "Views" cooldown in Redis: viewing the same post multiple times
within 1 hour doesn't ++ the view count with every page load, per user
per thread ID.
* Update the paginators to handle unlimited numbers of pages: shows max
7 page buttons with your current page towards the middle.
* General ability to jump to the "last page" of anything: use a negative
page size like ?page=-1 and it acts like the last page.
