Age | Commit message | Author |
|
When somebody posts a news article, make it possible to delete it before
it's submitted to moderation (or after it's been withdrawn or bounced),
instead of forcing the user to leave it around ForEver (TM).
Do this by adding some generic functionality for confirmation popups,
that can also be used for other things in the future.
|
|
When the save and submit steps are different, use "Save draft" for the
save button instead of "submit new" -- since the submit is a separate
step.
|
|
Commit c2d58d6 only added the title of the object to notifications when
an object was modified by a moderator/admin, not by the end user. Fix
that to make it consistent.
|
|
|
|
* Get rid of the django_markwhat dependency, and implement our own
classes to get more control. In passing also remove django-markdown,
because we never used that.
* Instead of trying to clean markdown with regexps, use the bleach
library (NEW DEPENDENCY) with special whitelisting of allowed tags
based off standard markdown. This means that one can input links or
formatting in HTML if one prefers, as long as it renders to the same
subset of tags that markdown allows.
* Replace javascript based client side preview with an actual call to a
preview URL that renders the exact result using the same function,
since the use of showdown on the client was increasingly starting to
differ from the server, and since that cannot be kept secure the same
way. Rewrite the client side javascript to work better with the now
longer interval between updates of the preview.
Long in planning, but never got around to it.
Suggestion to use bleach for escaping from David Fetter.
|
|
These will get a notification when they are explicitly submitted for
moderation, so there is no point in having a separate notice sent when
they're created, since there is nothing for the moderators to do at that
point.
|
|
This includes a number of new features:
* Move some moderation functionality into shared places, so we don't
keep re-inventing the wheel.
* Implement three-state moderation, where the submitter can edit their
item and then explicitly say "i'm done, please moderate this now".
This is currently only implemented for News, but done in a reusable
way.
* Move moderation workflow to its own set of URLs instead of
overloading it on the general admin interface. Admin interface remains
for editing things, but these are now separated out into separate
things.
* Do proper stylesheet clearing for moderation of markdown fields, using
a dynamic sandboxed iframe, so it's not ruined by the /admin/ css.
* Move moderation email notification into dedicated moderation code,
thereby simplifying the admin subclassing we did which was in some
places quite fragile.
* Reset date of news postings to the date of their approval, when
approved. This avoids some annoying ordering issues.
|
|
Since images can be used to drop things like tracking pixels, simply
disallow them in all submissions.
|
|
|
|
With the new django, alerts are raised for everything with status 500,
not just exceptions. This put a light on a number of places where we
were returning 500 server error code for things that are not actually
server errors. Some should be a regular 200 ok with an error message,
and others should be a permissions error.
|
|
Raising a generic exception generates a http 500 internal error and a
stackdump. Instead raising PermissionDenied appropriately turns it into a
http 403 forbidden response.
|
|
|
|
The way signals are sent for many2many apparently changed completely
between the python2 and python3 versions of the same Django version,
which broke the way we did this before. And it was always a bit of a
hack...
Instead, reimplement notifications in the simple_form handler. This now
also consolidates regular field notifications and many2many
notifications in a much cleaner way.
This will, however, *only* have an effect on changes made through
simple_form. Luckily that's the most common way we handle forms, with
the exception being /admin/. So leave the old code in place to handle
the changes through /admin/, as well as the deletion of objects.
In the end the only thing lost is the ability to get m2m differences
when an admin makes changes, and that's the least important of all
notifications. And as a bonus, the regular change notifications and in
particular "new item" notifications look a lot nicer.
|
|
|
|
|
|
|
|
In a quest to reach pep8, use spaces to indent rather than tabs.
|
|
In passing also clean up a few things that can be passed directly in the
template instead, and simplify things now that we have jquery all the
time.
|
|
|
|
The base HTML structure enables the responsiveness for the
website. In addition to the primary base template, the generic
page and form templates are also modernized.
Authors: Sarah Conway <sarah.conway@crunchydata.com> and me
|
|
This is optional in Django 1.8, but a mandatory change in 1.11.
Backwards compatible.
|
|
|
|
render_to_response does not work on newer django, so it needs to be
replaced. And using a specific context actually overcomplicates things,
it's easier to just use a wrapper function. For those cases where we
don't need NavContext, just use render() (the new shortcut function from
django), which also removes the need to use RequestContext.
|
|
This allows the assignment of "hover mouse to show"-descriptions for m2m
fields with multiple checkboxes.
|
|
This includes proper styling (no more centering of the checkbox itself)
and actually saving the m2m fields on submit.
|
|
Clean up the whitespace in the primary Python / HTML files in
order to make it easier to apply changes going forward.
|
|
I still haven't figured out where these come from, but generate a proper
404 when the URL is malformatted rather than trying to render it and
crash with an exception
|
|
This is done by putting #<id> at the end of the URL.
|
|
This uses jQuery to make it possible to enable and disable fields in the
default forms, by specifying an attribute on the form class. The form
class still has to implement proper validators, so it does not rely on
client side validations.
|
|
It was moved down to support ManyToMany value fields for Organisation,
but that is no longer used. If we want to use it for ManyToMany fields
in the future it needs to be split up in two sections, but for now, I'm
moving it back up so it works for regular fields again.
|
|
Previously, one had to specify "new" as objectid to create a new one, but
in some cases it may not be known ahead of time if the object exists or not.
|
|
This fixes organisation submitting again, and also makes it impossible to
orphan oneself from an organisation.
|
|
|
|
on what we're actually doing.
|
|
|
|
with the logged in user as the first manager, or they become orphans before
they're even created...
|
|
when they are created. This is to make sure the organisation list, for example,
doesn't list all non-available organisations when there was a missing field
somewhere else in the form.
|
|
a doc comment.
|
|
|
|
|
|
|
|
without the need to create a separate template. (Anything more
advanced should still use a template, of course)
|
|
(such as looking up the user through an intermediate model)
|
|
just the admin site.
|
|
Contains basic functionality, and an import of most of the static content
from the old site.
There is still plenty more to do...
|