Dates now display on blog post pages if the collection's chosen display
format is "Blog". It updates the chorus-collection-post template to now
respect this value (previously, it always showed the date).
Ref T669
a user who had previously authenticated on a protected collection would
still see the post after the owner was silenced, with a banner meant for
the owner displayed.
Previously, fetching ActivityStreams data about a post via
/api/posts/ID, instead of /api/collections/ALIAS/posts/SLUG wouldn't
include the instance's base URL. This fixes that.
Previously, this check would return a "user not found" error when
retrieving a collection post by its post ID, e.g. /api/posts/abc123
instead of /api/collections/demo/posts/my-slug -- this happens
particularly when `Announce`ing a post in the fediverse. This change
fixes that.
the change to take a hostname in Post.CanonicalURL broke a few template
using that function. This adds a Hostname string to the Post being
passed to templates and passes it to calls to Post.CanonicalURL
This includes the instance's hostname in calls to export a CSV file and
PublicPost.CanonicalURL().
It also fixes a panic in that method during CSV export caused by draft
posts.
- update error messages to be correct
- move suspended message into template and include for other pages
- check suspended status on all relevant pages and show message if
logged in user is suspended.
- fix possible nil pointer error
- remove changes to db schema files
- add version comment to migration
- add UserStatus type with UserActive and UserSuspended
- change database table to use status column instead of suspended
- update toggle suspended handler to be toggle status in prep for
possible future inclusion of further user statuses
This renders all requests for that user's posts, collections and related
ActivityPub endpoints with 404 responses.
While suspended, users may not create or edit posts or collections.
User status is listed in the admin user page
Admin view of user details shows status and now has a button to activate
or suspend a user.
instead of updating it later. This is more correct behavior, prevents an
additional query, and ensures that potential collection-creation when
claiming posts also respects the default (which it didn't before).
Ref T675
This adds a new config value: `chorus` that signifies an instance is
more about the Reader view than individual blogs / writers. When
enabled, user navigation will show on all pages, including About,
Reader, and Privacy (ref T680).
It also uses different collection templates that keep the instance-wide
navigation at the top of the page, instead of the author's name --
again, branded more for the collective than the individual.
Ref T681
This fixes a bug that occurred only when publishing via API and
authenticating via token (rather than cookie).
Previously, the instance's hostname wouldn't be added to the Collection
that got passed around after retrieving the owned post, meaning an
incomplete URL was returned in the API response, and federation failed due
to the missing host.
This displays the "page is missing" text within the same page as any
other blog post, keeping customizations, pinned pages, and general blog
navigation.
Ref T493
Previously, you could create a post with a title but no body, e.g. by
publishing via email. This would still show the post on a blog, but
would give a 410 Gone page when trying to access the page.
This issue originally reported on the forum:
https://discuss.write.as/t/removing-post-unpublished-by-author-post/725
This is the start of all changes needed to support entirely private
instances, where all blogs are only visible to other authenticated users
on an instance (ref T576). It begins by changing how Handler methods check an
endpoint's permissions.
- Renames UserLevelLEVEL consts to UserLevelLEVELType
- Adds UserLevelLEVEL funcs with same names as previous consts. Each
returns a UserLevel
- Adds a new UserLevelReader that restricts access based on app
configuration. This is now used on collections and posts.
- Changes routing a bit so static files are always accessible
This moves `hostName` to the `Collection` struct, where it's needed. The
field is populated after successful `GetCollection...()` calls.
This isn't the cleanest way to do things, but it accomplishes the goal.
Eventually, we should accept the AppCfg to `GetCollection...()` calls,
or make them `App` methods, instead of `datastore` methods.
Ref T613
this reorders the logic for checking authentication on post deletes to
first check for a provided edit token and after check for an access
token or auth'd user.
Previously, moving an anonymous post to a blog would instantly federate
the post, regardless of its `created` date. This now respects that value
and doesn't federate the post if its `created` date is in the future.
This is the first part of supporting scheduled, federated posts (ref T567)
but technically fixes#76.