* Fix a broken Twitter profile image upload test.
* Skip a broken DeviantArt flash file upload test (flash no longer
supported by DeviantArt?)
* Skip user upgrade tests when Stripe is not configured.
Should improve performance for rating:e and rating:q searches. Rating:s
isn't isn't indexed because Postgres is unlikely to use the index for
rating:s searches (the selectivity is too low, ~77% of all posts are
rating:s).
Fix various minor inconsistencies between the production database schema
and the declared schema in db/structure.sql.
* tags.category was a smallint instead of an integer in production.
* The unique_schema_migrations index didn't exist outside production.
* The index_posts_on_tag_index index was called index_posts_on_tags_index
outside production.
* The posts.tag_index column didn't have a statistics target defined
outside production.
* ID sequences didn't have `AS integer` defined in production.
When an anonymous users tries to go to the new upload page, direct them
to the login page instead of showing them an "Access Denied" error.
Fixes complaints from SEO tools about linking to pages that return a 403
error.
meta_request fails in Rails 6.1 with a `SystemStackError: stack level
too deep` error. Switch to a patched fork until the mainline gem is
fixed.
* hxxps://www.github.com/dejan/rails_panel/pull/177
* hxxps://www.github.com/dejan/rails_panel/issues/178
Broken in 49bc2364 by the use of @extend.
Here's what happened. There are two CSS rules that both apply to pool links:
* a:link { color: var(--link-color); }
* .pool-category-series a { color: var(--series-pool-color); }
These rules have equal specificity (0-1-1). This means the rule that is
defined last takes priority. This means the order in which CSS files are
included matters. 49bc2364 used the @extend directive in a rule for
popup menus, which required an @import, which changed the order of the
CSS files, which made the a:link rule suddenly take priority over the
series pool rule.
The proper fix would be to use Sass's new @use directive instead of
@import, but that requires the latest version of Sass, which requires
the latest version of Webpacker, which we can't upgrade to yet because
of breaking changes.
The real moral of the story is: our CSS is very fragile because of
specificity rules. It's very important that rules are defined in a
certain order, otherwise our CSS will break.
* https://sass-lang.com/documentation/at-rules/use
* https://developer.mozilla.org/en-US/docs/Web/CSS/Specificity
Possible fix for #4675. This is still wonky; tapping the menu icon now
opens the menu, but doesn't close it. You have to tap outside the menu
to hide it.
Remove the rule that Members could only post 2 bumping comments per
hour.
This was frequently misunderstood as meaning that Members could only
post 2 comments per hour. In fact, Members could post an unlimited
number of comments per hour, but the rest of their comments had to be
non-bumping. The error message we showed to users was misleading. Even
our own code misunderstood what this did when describing the config
option.
Gold users also weren't subject to this limit, which was unfair since
Gold users aren't any better at commenting than regular users. The fact
that a large number of users already ignored bump limits and nobody
really noticed indicates that the limit was unnecessary.
Add a Shortlink menu option to the comment menu. Clicking this will copy
a DText comment shortlink (e.g. `comment #12345`) to the clipboard. You
can middle-click or right-click the menu option to get the full URL.
The menu option is called Shortlink instead of `comment #1234` because
show the full comment ID in the menu makes the menu look too unbalanced.
Note that the `navigator.clipboard` API can only be used in a https://
environment. It won't work in non-HTTPS development environments. ngrok
can help with this.
Factor out FontAwesome icons into a set of helpers. This is so that it's
easier to keep track of which icons we're using and easier to change
icons globally.
There are about 100 duplicate comment votes. This is because there
wasn't a uniqueness constraint in the database to prevent duplicate
votes. This adds a script to remove duplicate votes so that a constraint
can be added later.
Remove this rule for several reasons:
* A single upvote usually isn't enough to matter, especially with the
new comment threshold.
* It felt weird that trying to vote on a comment could fail.
* Disabling the upvote button on your own comments feels weird.
* Most other sites allow you to upvote your own comments.
* You're allowed to upvote your own uploads, so it doesn't make sense
that you can't upvote your own comments.
Allow users to upvote a comment, then downvote it, without raising an
error or having to manually remove the upvote first. The upvote is
automatically removed and replaced by the downvote.
Changes to the /comment_votes API:
* `POST /comment_votes` and `DELETE /comment_votes` now return a comment
vote instead of a comment.
* The `score` param in `POST /comment_votes` is now 1 or -1, not
`up` or `down.`
Change [quote] styling to Reddit/Github style (greyed out, with a bar on
the left side) instead of traditional forum style (big grey box around
the quote).
Reasons for this change:
* Box style is bulkier, especially for short quotes in comments.
* Box style works poorly for deeply nested quotes.
* Box style looks bad on widescreen monitors, since the quote stretches
across the full width of the screen.
* Add comment scores.
* Rework voting buttons so that you can click the upvote/downvote
buttons to toggle votes.
* Hide the edit, delete, undelete, and report buttons behind a popup menu.
* Show the upvote/downvote/reply buttons to logged out users. Redirect
them to the login page instead.
* Set the default comment threshold to -8. This means that comments are
hidden at -8 or lower and greyed out at -4 or lower.
* Reset the comment threshold to -8 for anyone with a threshold greater
than -8. For reference, only about ~3100 users had a non-default
threshold. About 1600 of those had their threshold reset to -8.
* Change the comment threshold to a less-than-or-equal comparison
instead of a less-than comparsion. This means that a threshold of 0
before is the same as a threshold of -1 now. Since everyone's
thresholds were reset, this only affects people whose thresholds were
already less than -8, which is so low that the difference shouldn't
matter much.
* Set the maximum comment threshold to 5. For reference, less than 1% of
comments have a score greater than 5.
* Set the minimum comment threshold to -100. For reference, the most
downvoted comment has a score of -60.
Let users see when a post has deleted comments. Show normal users a
'[deleted]' placeholder when a comment is deleted. Show the full comment
to moderators.
Also fix it so that the comment creator can't edit or undelete deleted
comments, and users can't vote on or report deleted comments.
Finally, hide the creator_id, updater_id, and body of deleted comments
in the API.
Previously thresholded comments were hidden completely. You had to click
the "Show X hidden comments" button to unhide all hidden comments in a
thread. Now it works like this:
* When a comment is below your threshold, the comment text is hidden and
replaced by a `[hidden]` link, which you can click to unhide the comment.
* When a comment is at half your threshold (for example, your threshold
is -8 but the comment is at -4), then the comment is greyed out.
This means that comments aren't completely hidden, they're just
collapsed, so you can see the commenter and the score without unhiding
the comment. It also means you don't have to scroll back up to unhide a
comment, and threads aren't disrupted by comments being secretly
hidden (which is confusing when people are replying to hidden comments,
which forces you to go back up and unhide to find).
This refactors Pundit policies to only rely on the current user, not on
the current user and the current HTTP request. In retrospect, it was a
bad idea to include the current request in the Pundit context. It bleeds
out everywhere and there are many contexts (in tests and models) where
we only have the current user, not the current request. The previous
commit got rid of the only two places where we used it.
