Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better control referencing #506

Merged
merged 8 commits into from
Jan 18, 2017
Merged

Better control referencing #506

merged 8 commits into from
Jan 18, 2017

Conversation

Changaco
Copy link
Member

This PR is the first step towards fixing #487.

Our Terms of Service state:

The service normally allows the user to increase the visibility of its profile in various way, but the organization reserves the right to disable the user's access to those features.

However blocking a user's access to "publicity" wasn't actually implemented. Once this PR is deployed all user profiles, as well as community and pledge pages, will have noindex and nofollow turned on by default, and admins will also be able to prevent pages from being listed on Liberapay (hide_from_lists) and appearing in search results (hide_from_search).

I'm tagging this PR with "Self-defense" because it's about preventing "naughty" people from abusing Liberapay.

@Changaco
implement overriding a user's publicity settings
93ca33a 
and apply the override by default to the profile_noindex setting
@Changaco
reset profile_nofollow for all participants
43d0103
@Changaco
get rid of is_hidden column of communities table
1ebe79c 
since every community has a row in the participants table we can use hide_from_lists instead
@Changaco
apply search engine settings to elsewhere pages
babf2cf 
this effectively enables noindex and nofollow on all of them
@Changaco
show users the admin overrides of their settings
29dcd3a
@Changaco Changaco added Review defense protecting ourselves, our users and innocent third-parties labels Jan 17, 2017
@Changaco
Copy link
Member Author

Related issue: liberapay/liberapay.org#15.

@Changaco Changaco merged commit 3f4e92a into master Jan 18, 2017
@Changaco Changaco deleted the control-referencing branch January 18, 2017 13:01
@Changaco
Copy link
Member Author

This is in production, no errors during deployment.

@Changaco
Copy link
Member Author

However, since I chose to apply the schema changes after deployment, postgres.py was still treating the modified participant columns as booleans (this is a corner case that wasn't fixed by liberapay/postgres.py#43). Restarting the workers fixed the problem (rhc ssh liberapay 'cd $OPENSHIFT_REPO_DIR && ./.openshift/action_hooks/post_deploy').

@Changaco
Copy link
Member Author

I completely forgot to add a checkbox for profile_nofollow in the new admin dashboard, doh!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
defense protecting ourselves, our users and innocent third-parties
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Changaco