If text area was bigger than the post, switching to preview mode
showed gray space under the text. Now the preview pane's background
should fill the whole edit box size.
API responses are cached internally - if they're modified, they're
modified in cache too. This can lead to certain anomalies, that can be
easily solved by making object copies.
- Don't cache default category in its entirety - cache only its name
- Purge cache on category name changes and default category changes
- Lock records for updates where applicable
Using sqlalchemy's subqueryload to fetch tags works like this:
1. Get basic info about posts with query X
2. Copy query X
3. SELECT all tags WHERE post_id IN (SELECT post_ids FROM query X)
4. Associate the resulting tags with the posts
When original query contains .order_by(func.random()), it looks like
this:
1. SELECT post.* FROM post ORDER BY random() LIMIT 10
2. Copy "ORDER BY random() LIMIT 10"
3. SELECT tag.* FROM tag WHERE tag.post_id IN (
SELECT id FROM post ORDER BY random() LIMIT 10)
4. Disaster! Each post now has completely arbitrary tags!
To circumvent this, we replace eager loading with lazy loading. This
generates one extra query for each result row, but it has no chance of
producing such anomalies. This behavior is activated only for
queries containing "sort:random" and derivatives so it shouldn't hit
performance too much.
Rather than flushing the post right away only to find out that there
were validation errors, try to postpone flushing for as long as
possible.
The previous behavior has led to too eager spending of post IDs - each
flush calls nextval(post_id_seq), and postgres sequences are not
affected by transaction rollbacks, so each erroneous post creation
discarded a post ID, which has led to gaps in post IDs.
Visiting mass-tag URL directly ignored masstag privileges and showed
tag/untag controls (although didn't show the controls in the header).
After this change, bypassing mass tag privileges got a little bit
harder. (It's still possible for the user to talk directly to the API
after all.)
In other words, verify the privileges client-side before issuing an
request to the server. This commit focuses on routing (e.g. clicking a
link while not logged in), rather than DOM element visibility that
should be already taken care of.
In e464e69 I removed href='#' but I noticed that it broke some things.
Readding href serves two purposes:
- it makes links reachable with Tab key
- it makes links clickable with Enter key
The alternative to this approach was to introduce [tabindex] and [role]
attributes. But not only using tabindex=0 with <a/> is questionable,
it'd require adding a keyboard handler that'd intercept space and return
key presses and simulated link clicks. Since it's best to leave this
kind of thing to the native UI, I went with readding hrefs instead. I
believe that hash hrefs, even though being a common practice, are silly,
so I decided to settle down with empty hrefs.
As a bonus, I added a snippet that prevents middle mouse clicks from
opening such links/buttons in new tabs, which was the motivation for
e464e69.