Refactor tag scripts to fix multiple issues:
* Errors during tag scripting didn't show the actual error message, just
a generic "There was an error updating post #NNN" message.
* The quick edit form didn't show any error messages at all on failure.
* Thumbnails didn't have all their data attributes properly updated
after the post was updated.
This changes it so that thumbnails have their html fully replaced after
updating. This has the side effect of removing event handlers bound
directly to the thumbnail. A `danbooru:post-preview-updated` event is
fired in case userscripts need to detect when thumbnails are updated.
Add a curated posts page at /explore/posts/curated. Curated posts are
the most favorited posts by contributor-level users (users with
unlimited upload permissions).
Also add an order:curated tag using for use in regular searches.
* Fix the next button for the weekly timescale to jump to the next week,
not the next day.
* Show the start and end dates for the weekly timescale.
* Use `Time.zone.today` instead of `Date.today` to respect the user's
timezone setting.
Set the sender name and IP addresses explicitly in the controller rather
than implicitly in the model.
Fixes cases where automated dmails from DanbooruBot had their IP
addresses set to the person who triggered the dmail, even though they
didn't actually send the dmail themselves.
Make searches on the /tags index includes aliases too. Show matching
aliases like this:
Name: gray*
? 75098 grey_hair <- gray_hair
? 35345 grey_eyes <- gray_eyes
Remove the edit, update, and approve endpoints for tag aliases and
implications. These have been useless since individual alias and
implication requests were removed. Aliases and implications could only
be edited or approved if they were in the pending state, which is no
longer possible.
Also remove unused new alias/implication request forms.
Remove `POST /moderator/post/undelete` endpoint. Replace it with
`POST /post_approvals` instead.
Fixes it so that undeleting a post has the same behavior as approving a
post. Namely, it reloads the page instead of just flashing a "Post was
undeleted" message.
Refactor how model visibility works in index actions:
* Call `visible` in the controller instead of in model `search`
methods. This decouples model visibility from model searching.
* Explicitly pass CurrentUser when calling `visible`. This reduces
hidden dependencies on the current user inside models.
* Standardize on calling the method `visible`. In some places it was
called `permitted` instead.
* Add a `visible` base method to ApplicationModel.
Remove the creator_id field from artists, notes, and pools. The
creator_id wasn't otherwise used and was inconsistent with the
artist/note/pool history in some cases, especially for old artists.
* Don't show who disapproved the post to other users. Only show the
creator to mods or to the disapprover themselves.
* Let unprivileged users see the /post_disapprovals index.
Refactor to use accepts_nested_attributes_for instead of the notes
attribute to facilitate editing wikis on the artist edit page.
This fixes the notes attribute unintentionally showing up in the API.
This also changes it so that renaming an artist entry doesn't
automatically rename the corresponding wiki page. This had bad behavior
when there was a conflict between wiki pages (the wikis would be
silently merged, which usually isn't what you want). It also didn't warn
about wiki links being broken by renames.
* Replace the .category-N CSS classes on tags with .tag-type-N. Before
we were inconsistent about whether tag colors were indicated with
.category-N or .tag-type-N. Now it's always .tag-type-N.
* Fix various places to not use Tag.category_for. Tag.category_for does
one Redis call per tag lookup, which leads to N Redis calls on many
pages. This was inefficient because usually we either already had the
tags from the database, or we could fetch them easily.
Don't make /dmails default to the received folder when no other folder
is specified. This is surprising in the API because it means
/dmails.json only shows received dmails by default, not all dmails. This
isn't necessary either since everything that links to dmails already
specifies the received folder.
Remove various associated fields that were included by default on
certain endpoints. API users can use the only param to include the
full association if they need these fields.
* /artists.json: urls.
* /artist_urls.json: artist.
* /comments.json: creator_name and updater_name.
* /notes.json: creator_name.
* /pools.json: creator_name.
* /posts.json: uploader_name, children_ids, pixiv_ugoira_frame_data.
* /post_appeals.json: is_resolved.
* /post_versions.json: updater_name.
* /uploads.json: uploader_name.
- The only string works much the same as before with its comma separation
-- Nested includes are indicated with square brackets "[ ]"
-- The nested include is the value immediately preceding the square brackets
-- The only string is the comma separated string inside those brackets
- Default includes are split between format types when necessary
-- This prevents unnecessary includes from being added on page load
- Available includes are those items which are allowed to be accessible to the user
-- Some aren't because they are sensitive, such as the creator of a flag
-- Some aren't because the number of associated items is too large
- The amount of times the same model can be included to prevent recursions
-- One exception is the root model may include the same model once
--- e.g. the user model can include the inviter which is also the user model
-- Another exception is if the include is a has_many association
--- e.g. artist urls can include the artist, and then artist urls again
Fix a couple security issues related to dmail permalinks. Dmails have a
permalink that you can give to a Mod to let them read the dmail. This is
done with a key param that grants access when the dmail is opened by
another user. The key param had several problems:
* The key contained a full copy of the message's title and body encoded in
base64. This meant that anyone given a dmail permalink could read the
full dmail just by decoding the key in the link, without even having
to open the link.
* The key was derived from the dmail's title and body. If you knew or
could guess a dmail's title and body you could open the dmail. One
case when this was possible was when sending dmails. You could send
someone a dmail, take the permalink from your sent copy of the dmail,
then increment the dmail id to open the receiver's copy of the dmail.
Since the sent copy and the received copy both had the same title and
body, they both had the same dmail key. This let you check whether a
person had read your dmail, and what time they read it at.
* The key verification was done with an insecure string comparison
rather than a secure constant-time comparison. This was potentially
vulnerable to timing attacks.
* Opening a dmail belonging to another user would mark it as read for them.
The fix to all this is to use the dmail's id as the key instead of the
dmail's title and body. This means that old permalinks no longer work.
This is unavoidable given the issues above.
Other changes:
* The name of the 'Permalink' link is now 'Share'.
* Anyone with the 'Share' link can view the dmail, not just Mods.
* Add ability to mark dmails as unread.
* Fix users.unread_dmail_count to not count deleted dmails.
* Fix show action so that API calls don't mark dmails as read.
* Don't show the unread dmail notice on the /dmails page itself.
* Stop using users.has_mail flag.
* Add unread and deleted dmail folders.
* Remove dmail_folder cookie (wasn't used).
* Default to the received folder so that we don't show sent messages by default.
Turn deletions into soft deletions (set the is_deleted flag) instead of
hard deletions (remove from database). The is_deleted flag actually
already existed, but it was never used before.
