* Move emails from users table to email_addresses table.
* Validate that addresses are formatted correctly and are unique across
users. Existing invalid emails are grandfathered in.
* Add is_verified flag (the address has been confirmed by the user).
* Add is_deliverable flag (an undeliverable address is an address that bounces).
* Normalize addresses to prevent registering multiple accounts with the
same email address (using tricks like Gmail's plus addressing).
Remove code for updating forum topics when an alias or implication is
approved or rejected. This code was only used when approving single
alias or implication requests. This is no longer used now that all
alias/implication requests are done through BURs.
The old password reset flow:
* User requests a password reset.
* Danbooru generates a password reset nonce.
* Danbooru emails user a password reset confirmation link.
* User follows link to password reset confirmation page.
* The link contains a nonce authenticating the user.
* User confirms password reset.
* Danbooru resets user's password to a random string.
* Danbooru emails user their new password in plaintext.
The new password reset flow:
* User requests a password reset.
* Danbooru emails user a password reset link.
* User follows link to password edit page.
* The link contains a signed_user_id param authenticating the user.
* User changes their own password.
* Support negated wildcards in searches (e.g. "holding -holding_*")
* Raise wildcard limit to matching 25 tags regardless of user level.
* Fix wildcards potentially matching empty tags.
* Fix wildcard tags being sorted by post count only, and therefore not
having a stable ordering when tags have equal post counts.
* Fix sidebar to calculate wildcards tags the same way the search does.
Rename is_active to is_deleted. This is for better consistency with
other models, and to reduce confusion over what "active" means for
artists. Sometimes users think active is for whether the artist is
actively producing work.
This meant that both functions had to return two separate values,
which need to be destructured by the function calling them. This
isn't so much a huge issue as its more something just to be made
aware of in case either function needs to be used elsewhere.
Add a sidebar to the modqueue page that shows the following information:
* Number of pending and flagged posts.
* Number of posts disapproved for poor quality or breaking rules.
* Top uploaders in the queue.
* Top artist, copyright, and character tags in the queue.
* Include appeals and flags.
* Avoid an existence query for pools.
* Avoid a query checking if the user has previously approved the post.
This is a rare condition and it will be prevented anyway if the user
tries to reapprove the post.
* Change the `disapproval:<reason>` metatag to `disapproved:<reason>`.
* Change `disapproved:<reason>` to show all posts disapproved for a
given reason, not just those disapproved by the current user.
* Allow searching for your own disapprovals with `disapproved:<my_name>`.
* Drop the `disapproved:<any|none>` metatags. `disapproved:any` is
equivalent to `disapproved:<my_name>` and `disapproved:none` is
equivalent to `-disapproved:<my_name>`.
These changes are so that you can search e.g. disapproved:poor_quality
to find all posts disapproved for poor quality.
Send weekly warning dmails to approvers in danger of losing their
approver permissions. Don't send warnings if we're more than three weeks
away from demotion so that approvers aren't warned prematurely.
Set the sender name and IP addresses explicitly in the controller rather
than implicitly in the model.
Fixes cases where automated dmails from DanbooruBot had their IP
addresses set to the person who triggered the dmail, even though they
didn't actually send the dmail themselves.
Refactor to use a recursive CTE to calculate implied tags in SQL, rather
than storing them in a descendant_names field. This avoids the
complexity of keeping the stored field up to date. It's also more
flexible, since it allows us to find both descendant tags (tags that
imply a given tag) as well as ancestor tags (tags that are implied by a
given tag).
* Allow approvers to approve a post by tagging it with status:active.
* Allow approvers to ban a post by tagging it with status:banned.
* Allow approvers to unban a post by tagging it with -status:banned.
Remove the creator_id field from artists, notes, and pools. The
creator_id wasn't otherwise used and was inconsistent with the
artist/note/pool history in some cases, especially for old artists.
Remove the post update count estimate from BUR show pages. This was
complex, slow, and usually inaccurate since it assumed that requests in
a BUR had no overlap with each other, which usually wasn't the case.
Refactor to use accepts_nested_attributes_for instead of the notes
attribute to facilitate editing wikis on the artist edit page.
This fixes the notes attribute unintentionally showing up in the API.
This also changes it so that renaming an artist entry doesn't
automatically rename the corresponding wiki page. This had bad behavior
when there was a conflict between wiki pages (the wikis would be
silently merged, which usually isn't what you want). It also didn't warn
about wiki links being broken by renames.
* Automatically generate a mod report when a comment, forum post, or
dmail is detected as spam.
* Automatically ban users that receive too many automatic spam reports
within a short window of time.
* Automatically mark spam dmails as deleted.
* Change ban threshold from 10 spam reports in 24 hours to 10 reports in 1 hour.
* Change ban length from 3 days to forever.
* Add ability to mark dmails as unread.
* Fix users.unread_dmail_count to not count deleted dmails.
* Fix show action so that API calls don't mark dmails as read.
* Don't show the unread dmail notice on the /dmails page itself.
* Stop using users.has_mail flag.
Fix bulk update requests generating invalid [bur:<id>] links in forum
posts. The id was missing because the BUR created the forum topic in a
before_create hook, which created the post before the BUR was saved so
the BUR didn't have an id yet. Fix regression caused by b4ce2d83.
Avoid doing one SQL query per topic when checking for new topics on the
forum index.
This also changes it so that forum topics aren't always marked as new
for anonymous users.
* Rarely used (only used ~15 times in total, not used at all since 2015-2016).
* Merging topics didn't properly bump the new topic.
* Merging topics didn't log a modaction when the old topic was deleted.
* Merging topics broke the old topic. Moving all the posts from one topic
to another leaves the old topic with zero posts. This normally can't
happen and it causes exceptions when you try to view the empty topic.
* It was technically possible to merge a topic with itself. This would
break the response_count.
* It was technically possible for a mod to merge a topic into an
admin-only topic.
