Previously, this check would return a "user not found" error when
retrieving a collection post by its post ID, e.g. /api/posts/abc123
instead of /api/collections/demo/posts/my-slug -- this happens
particularly when `Announce`ing a post in the fediverse. This change
fixes that.
the change to take a hostname in Post.CanonicalURL broke a few template
using that function. This adds a Hostname string to the Post being
passed to templates and passes it to calls to Post.CanonicalURL
This includes the instance's hostname in calls to export a CSV file and
PublicPost.CanonicalURL().
It also fixes a panic in that method during CSV export caused by draft
posts.
- update error messages to be correct
- move suspended message into template and include for other pages
- check suspended status on all relevant pages and show message if
logged in user is suspended.
- fix possible nil pointer error
- remove changes to db schema files
- add version comment to migration
- add UserStatus type with UserActive and UserSuspended
- change database table to use status column instead of suspended
- update toggle suspended handler to be toggle status in prep for
possible future inclusion of further user statuses
Includes:
* AP Collection fetching via canonical URL
* AP Collection fetching via API
* AP Post fetching via canonical URL
* AP Post fetching via API
Ref T693
This renders all requests for that user's posts, collections and related
ActivityPub endpoints with 404 responses.
While suspended, users may not create or edit posts or collections.
User status is listed in the admin user page
Admin view of user details shows status and now has a button to activate
or suspend a user.
instead of updating it later. This is more correct behavior, prevents an
additional query, and ensures that potential collection-creation when
claiming posts also respects the default (which it didn't before).
Ref T675
This adds a new config value: `chorus` that signifies an instance is
more about the Reader view than individual blogs / writers. When
enabled, user navigation will show on all pages, including About,
Reader, and Privacy (ref T680).
It also uses different collection templates that keep the instance-wide
navigation at the top of the page, instead of the author's name --
again, branded more for the collective than the individual.
Ref T681
This fixes a bug that occurred only when publishing via API and
authenticating via token (rather than cookie).
Previously, the instance's hostname wouldn't be added to the Collection
that got passed around after retrieving the owned post, meaning an
incomplete URL was returned in the API response, and federation failed due
to the missing host.
This displays the "page is missing" text within the same page as any
other blog post, keeping customizations, pinned pages, and general blog
navigation.
Ref T493
Previously, you could create a post with a title but no body, e.g. by
publishing via email. This would still show the post on a blog, but
would give a 410 Gone page when trying to access the page.
This issue originally reported on the forum:
https://discuss.write.as/t/removing-post-unpublished-by-author-post/725
This is the start of all changes needed to support entirely private
instances, where all blogs are only visible to other authenticated users
on an instance (ref T576). It begins by changing how Handler methods check an
endpoint's permissions.
- Renames UserLevelLEVEL consts to UserLevelLEVELType
- Adds UserLevelLEVEL funcs with same names as previous consts. Each
returns a UserLevel
- Adds a new UserLevelReader that restricts access based on app
configuration. This is now used on collections and posts.
- Changes routing a bit so static files are always accessible
This moves `hostName` to the `Collection` struct, where it's needed. The
field is populated after successful `GetCollection...()` calls.
This isn't the cleanest way to do things, but it accomplishes the goal.
Eventually, we should accept the AppCfg to `GetCollection...()` calls,
or make them `App` methods, instead of `datastore` methods.
Ref T613
this reorders the logic for checking authentication on post deletes to
first check for a provided edit token and after check for an access
token or auth'd user.
Previously, moving an anonymous post to a blog would instantly federate
the post, regardless of its `created` date. This now respects that value
and doesn't federate the post if its `created` date is in the future.
This is the first part of supporting scheduled, federated posts (ref T567)
but technically fixes#76.
This is a field previously supported by PeerTube, and just recently
added on PixelFed, that should inform other ActivityPub services whether
or not comments are enabled on any given post. WriteFreely doesn't
support comments today, so this will always be false.
Previously, our hashtag parser would indiscriminately replace
hashtag-like text with hashtag HTML -- including in places it shouldn't
have, like inside code blocks. Along with the v1.7.0 changes to
writeas/saturday, this fixes that and closes#6.
As a bonus, strings of #spaceless#hashtags#in#a#row are now rendered
correctly.
This allows admin to edit these pages from the web, using Markdown. It
also dynamically loads information on those pages now, and makes loading
`pages` templates a little easier to find in the code / more explicit.
It requires this new schema change:
CREATE TABLE IF NOT EXISTS `appcontent` (
`id` varchar(36) NOT NULL,
`content` mediumtext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
`updated` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
This closes T533
This helps with post importing and clients that want to support post
scheduling. It also changes how Collection.ForPublic() works, no longer
resetting the ID.
Closes T532
Previously this was only supported on
/api/collections/{alias}/posts/{id} -- this also allows it on
/api/posts/{id}, so things like `Announce`s work.
This closes#4