| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Create a new governance directory page which centralizes access to the
various existing pages for project governance teams and committees. In
passing, also move some content from the wiki to their own pg.o pages
(committers, sysadmins), and create non-existing pages (contributors
committee).
There are undoubtedly some missed opportunities here for general
improvement as well as other unmentioned governance groups, but this is
a good start.
|
|
Moving forwards we'll have three types of sponsors:
- Contributing - those that the sponsor team are responsible for.
- Financial - those who donate to an NPO.
- Servers - those who provide servers/infrastructure.
For the financial sponsors, there are a few rules:
- "NPO" means a recognised NPO, (which includes SPI and PGCA).
- Each NPO may choose whether or not to list any sponsors on this page.
- Each NPO may define the criteria under which sponsors are listed, and
any levels they wish to use.
- Conference/event sponsorship does not count; it must be sponsorship of the
organisation itself.
- Sponsors may be listed once under each NPO they have donated to.
Note that the same sponsor may be listed in any or all of the categories
(contributing, financial, servers).
Patch by myself and Jonathan.
|
|
Once someone has fixed the signups, we should of course re-enable it,
but "no link" is better than a broken link.
|
|
There were no direct links to the CommitFest application from
the developers section, even though CommitFest are a key part of
PostgreSQL development. This adds said links, and provides a brief
explanation of what CommitFest are.
Reviewed-by: Magnus Hagander <magnus@hagander.net>
|
|
eccfb71c did not correctly invite people who were not in the
allow-listed domains. This uses a "shared join" link that
allows this to occur.
This is considered a temporary fix to ensure new users can still
sign up for the community Slack account. A future commit will
direct people to a better solution.
Reported-by: Stephen Frost <sfrost@snowman.net>
|
|
This pointed at a previous resource used to moderate sign-in that
has sinced been removed.
Author: Melih Mutlu <m.melihmutlu@gmail.com>
Author: Jonathan Katz <jonathan.katz@excoventures.com>
|
|
When somebody posts a news article, make it possible to delete it before
it's submitted to moderation (or after it's been withdrawn or bounced),
instead of forcing the user to leave it around ForEver (TM).
Do this by adding some generic functionality for confirmation popups,
that can also be used for other things in the future.
|
|
|
|
When the save and submit steps are different, use "Save draft" for the
save button instead of "submit new" -- since the submit is a separate
step.
|
|
Raising an exception triggers an email-to-admin-action, and the whole
reason we have this NUL check is to *avoid* triggering those emails...
Hopefully explicitly returning a 400 HttpResponse will maek them go
away.
|
|
This would already not work at a lower layer, but would typically
generate an internal server error exception instead of just an error
message.
Instead, put an explicit check in the middleware that's already
validating the query parameters and reject them with a 400 error.
|
|
|
|
This was broken when the querystring limiter was put in place
in 0724c08e402d0bffb0eb53192c4363dac1311fe3.
|
|
Require each view to declare which query parameters it wants, and filter
out any other parameters.
We have very few views that actually take query parameters, and random
additional query patterns will have no effect on the view. However, they
will break frontend caching (in making them look like different pages).
This will be extended into an implementation in the caching frontends as
well, btu it's needed in the backend to ensure that local testing will
have tbe same effect as the caches.
|
|
|
|
* Move links to current manuals to /docs/, decommission /docs/manuals/
* Add link to /docs/current/ with a large button
* Add links to /docs/devel/ at the bottom of the version table
* Remove translated manuals from left nav menu, since they are in the
right one
* Remove redundant wording around "comprehensive manual"
* Clean up some incorrect template tags
Discussion: https://www.postgresql.org/message-id/CABUevEymaWDL4JywHxBDBATUUPPrAf4_tGwin4CtGFdQ5tx5Hg@mail.gmail.com
|
|
Commit c2d58d6 only added the title of the object to notifications when
an object were modified by a moderator/admin, not by the end user. Fix
that to make it consistent.
|
|
Should make the notifications a lot more useful without clicking
through.
|
|
|
|
If an xkey tag is already set on a response when it reaches the
middleware, add it to the set of automated xkeys generated from the
templates instead of overwriting it.
|
|
We don't have non-ascii characters in any of our correct URLs, but
people can still specify them on the URL. In this case the xkey isn't
going to match anything anyway, so it is not critical how we handle it,
especially since the generated page is going to be a 404 anyway. So just
use the simple built-in replace function.
|
|
|
|
* Get rid of the django_markwhat dependency, and implement our own
classes to get more control. In passing also remove django-markdown,
because we never used that.
* Instead of trying to clean markdown with regexps, use the bleach
library (NEW DEPENDENCY) with special whitelisting of allowed tags
based off standard markdown. This means that one can input links or
formatting in HTML if one prefers, as long as it renders to the same
subset of tags that markdown allows.
* Replace javascript based client side preview with an actual call to a
preview URL that renders the exact result using the same function,
since the use of showdown on the client was increasingly starting to
differ from the server, and since that cannot be kept secure the same
way. Rewrite the client side javascript to work better with the now
longer interval between updates of the preview.
Long in planning, but never got around to it.
Suggestion to use bleach for escaping from David Fetter.
|
|
|
|
In commit 7f8a0a56dd1fb5dedb5c04a872ce940ae7c891b4 we replaced the way
the "core" app is loaded, and this broke the generation of sitemap
entries for it. Oops.
|
|
This will trigger the same reset-your-password email as a user initiated
one, but it'll cut out one step and be a bit more user friendly...
Also, if this is done with an OAuth connected account, it will be
converted into a regular one (something we don't allow the end user to
do, for support reasons)
This also adds an entry to the user editor in the admin view that shows
if the user *is* an oauth user or not, or if they might have an old
"unmigrated" password.
|
|
These will get a notification when they are explicitly submitted for
moderation, so there is no point in having a separate notice sent when
they're created, since there is nothing for the moderators to do at that
point.
|
|
When a news article is approved, it gets delivered as an email to the
pgsql-announce mailinglist. It will render the markdown of the news
article into a HTML part of the email, and include the markdown raw as
the text part (for those unable or unwilling to read html mail).
For each organisation, a mail template can be specified. Initially only
two templates are supported, one "default" and one "pgproject" which is
for official project news. The intention is *not* to provide generic
templates, but we may want to extend this to certain related projects in
the future *maybe* (such as regional NPOs).
These templates are stored in templates/news/mail/*.html, and for each
template *all* images found in templates/news/mail/img.<template>/ will
be attached to the email. "Conditional image inclusion" currently not
supported.
To do CSS inlining on top of the markdown output, module pynliner is now
required (available in the python3-pynliner package on Debian).
A testing script is added as news_send_email.py in order to easier test
out templates. This is *not* intended for production sending, so it will
for example send unmoderated news. By sending, it adds it to the
outgoing mailqueue in the system, so unless the cronjob is set up to
send, nothing will happen until that is run manually.
Support is included for tagged delivery using pglister, by directly
mapping NewsTags to pglister tags.
While at it, update the moderation preview forms to preview news items
using the HTML template for the email (while leaving other types of
items previewing without a particular stylesheet).
|
|
This includes a number of new features:
* Move some moderation functionality into shared places, so we don't
keep re-inventing the wheel.
* Implement three-state moderation, where the submitter can edit their
item and then explicitly say "i'm done, please moderate this now".
This is currently only implemented for News, but done in a reusable
way.
* Move moderation workflow to it's own set of URLs instead of
overloading it on the general admin interface. Admin interface remains
for editing things, but these are now separated out into separate
things.
* Do proper stylesheet clearing for moderation of markdown fields, using
a dynamic sandboxed iframe, so it's not ruined by the /admin/ css.
* Move moderation email notification into dedicated moderation code,
thereby simplifying the admin subclassing we did which was in some
places quite fragile.
* Reset date of news postings to the date of their approval, when
approved. This avoids some annoying ordering issues.
|
|
Since images can be used to drop things like tracking pixels, simply
disallow them in all submissions.
|
|
The French docs had one link in http and one in https as noted by
Lætitia. In passing I also adjusted the japanese to link to the https
version directly as one is available. The remaining one (Chinese) does
not appear to have a responding https server, so that one is left as
http.
|
|
- Don't use inline event handlers
- Simplify some of the wording
- Replace the package download list with nice buttons
Design by me & Jonathan, code by me, review by Jonathan and others.
|
|
The collection facility was added in
[200~9e70a4e0c32f8db0178f05dac4c1fca7b317e7c5, but no way was added to
view it. To make it a bit more useful, add a static set of info on the
user edit page in /admin/ that shows the last login and number of logins
per site.
|
|
|
|
|
|
Most of our auto-generated emails should not ask for auto replies (like
out of office messages or in particular, "held for moderation" notices
from our own list server), so set this header by default, and also the
header indicating if it's an auto submitted/auto replied message.
Specifically allow auto replies on moderation notices, since that's a
case where it might be really interesting for the moderator to see for
example an out of office message. At least for now that seems like a
good idea.
|
|
|
|
This provides information about other projects that people can
contribute to outside of the core PostgreSQL software. Includes
descriptions of each project, how they are used, and how one can
get involved.
Authors: Andreas 'ads' Scherbaum <ads@pgug.de>, myself
|
|
With the new django, alerts are raised for everything with status 500,
not juse exceptions. This put a light on a number of places where we
were returning 500 server error code for things that are not actually
server errors. Some should be a regular 200 ok with an error message,
and others should be a permissions error.
|
|
|
|
|
|
Raising a generic exception generates a http 500 internal error and a
stackdump. Instead raising PermissionDenied appopriately turns it into a
http 403 forbidden response.
|
|
|
|
Pointed out by newer versions of pep8, but they were never correct.
|
|
This is frowned upon in newer versions of pep8, so fix it once and for
all.
|
|
This was partially implemented through the system, and given that the
community auth system already assumes email is unique there is no need
to not expose it to the actual login process as well.
|
|
s/tring/string/
|
|
pycrypto is not being maintained, and pycryptodome is theoretically
a drop-in replacement (in practice, it seems it was close)
|
|
|
