Commit graph

798 commits

Author SHA1 Message Date
rr-
9124639564 client/auth: fix user forms reachable via URL 2016-08-23 23:14:05 +02:00
rr-
3c03c001e2 client/auth: fix tag forms reachable via URL 2016-08-23 23:14:05 +02:00
rr-
3ff48667a0 client/auth: fix swapped tag deleting and merging 2016-08-23 23:14:05 +02:00
rr-
34022d8fc8 client/auth: fix not hiding anonymity checkbox 2016-08-23 23:14:05 +02:00
rr-
e90b8972c7 client/auth: fix being able to rate/fav things 2016-08-23 23:12:29 +02:00
rr-
4ca7c49239 client/auth: fix masstag privilege bypass
Visiting mass-tag URL directly ignored masstag privileges and showed
tag/untag controls (although didn't show the controls in the header).
After this change, bypassing mass tag privileges got a little bit
harder. (It's still possible for the user to talk directly to the API
after all.)
2016-08-23 23:12:29 +02:00
rr-
1e9ee0838a client/auth: hide signup link in top nav if needed 2016-08-23 23:12:29 +02:00
rr-
08c6c2c145 client/auth: show errors early in controllers
In other words, verify the privileges client-side before issuing an
request to the server. This commit focuses on routing (e.g. clicking a
link while not logged in), rather than DOM element visibility that
should be already taken care of.
2016-08-23 23:12:29 +02:00
rr-
803a1350fa client/css: colorize 1st note point during drawing 2016-08-23 21:02:18 +02:00
rr-
fd2b4706a6 client/css: adjust thumbnail margins 2016-08-23 20:55:51 +02:00
rr-
124e871022 client/users: stop native completion
Disabled for user registration and editing where it causes more mess
than good.
2016-08-22 21:46:30 +02:00
rr-
fec31d7946 client/users: add exit confirmation for edit form 2016-08-22 21:38:34 +02:00
rr-
ea947ed91e client/tags: add exit confirmation for edit form 2016-08-22 21:38:31 +02:00
rr-
d8d4654849 client/events: adjust event names
1. "change" should be used to passive changes.
2. "submit" should be used to form submits.

These are not interchangeable.
2016-08-22 21:36:45 +02:00
rr-
73a8542220 server/posts: make anon snapshots for anon uploads 2016-08-22 20:07:39 +02:00
rr-
61d084cc66 server/search: support 'submit:' for anon uploads 2016-08-22 19:45:25 +02:00
rr-
d5e197e6ea client/general: add empty href for link buttons
In e464e69 I removed href='#' but I noticed that it broke some things.
Readding href serves two purposes:

- it makes links reachable with Tab key
- it makes links clickable with Enter key

The alternative to this approach was to introduce [tabindex] and [role]
attributes. But not only using tabindex=0 with <a/> is questionable,
it'd require adding a keyboard handler that'd intercept space and return
key presses and simulated link clicks. Since it's best to leave this
kind of thing to the native UI, I went with readding hrefs instead. I
believe that hash hrefs, even though being a common practice, are silly,
so I decided to settle down with empty hrefs.

As a bonus, I added a snippet that prevents middle mouse clicks from
opening such links/buttons in new tabs, which was the motivation for
e464e69.
2016-08-22 01:40:30 +02:00
rr-
44b2d9b830 client/expanders: change appearance 2016-08-22 01:40:30 +02:00
rr-
c7f36c893f client/expanders: extract HTML 2016-08-22 01:40:30 +02:00
rr-
2335aaff20 client/tags: fix outline for focused compact tags
It was being hidden due to overflow: hidden. In other news, I hate CSS.
2016-08-22 01:40:11 +02:00
rr-
0a326972c3 client/tag-input: add 'add' button 2016-08-22 00:54:11 +02:00
rr-
81f14e154e client/tag-input: extract CSS 2016-08-22 00:54:11 +02:00
rr-
d0c0652720 client/tag-input: extract HTML template 2016-08-22 00:54:11 +02:00
rr-
5bcf44aa2d client/posts: implement upload form 2016-08-21 23:43:36 +02:00
rr-
b7e9cbd541 server/posts: allow tagless posts 2016-08-21 23:40:01 +02:00
rr-
f0ed82b0de client/models: fix post list missing comment count 2016-08-21 20:11:38 +02:00
rr-
dbd36256ce client/file-dropper: support Vimperator focus 2016-08-20 22:47:45 +02:00
rr-
03b5e933bf client/file-dropper: add URL support 2016-08-20 22:47:45 +02:00
rr-
ecd50f5c88 client/file-dropper: refactor to use events 2016-08-20 22:47:45 +02:00
rr-
8feac2950b client/file-dropper: fix selecting multiple files 2016-08-20 22:47:45 +02:00
rr-
1f54a127d0 client/posts: fix deleting posts 2016-08-20 13:08:02 +02:00
rr-
28bcbd33b9 server/posts: use SHA1 checksums
This changes the checksums to ones that are compatible with 1.x, which
relieves the migration script from recalculating the checksums for all
the posts.
2016-08-20 13:06:19 +02:00
rr-
9014baab92 client/snapshots: add snapshots browser 2016-08-20 13:01:17 +02:00
rr-
80af79779d server/snapshots: rewrite 2016-08-16 21:51:25 +02:00
rr-
03a7bd0d5c client/api: fix working with UTF8 entity IDs 2016-08-16 21:42:11 +02:00
rr-
65119d69ab server/rest: urldecode incoming paths 2016-08-16 21:42:11 +02:00
rr-
0c2efc0be5 server/rest: work around Python bug 27777
(See http://bugs.python.org/issue27777)
2016-08-16 21:42:11 +02:00
rr-
e89a086d58 server/rest: fix reporting parameter type errors 2016-08-16 21:42:11 +02:00
rr-
ff7bbbdd8a server/db: fix upgrade (regression from 9aea55e) 2016-08-16 21:42:11 +02:00
rr-
6c29377f6b server/db: allow full DSN; use memdb in tests
The earlier commit is still relevant as it allows to integrate real
database when needed.
2016-08-16 21:42:09 +02:00
rr-
e688f39887 server/db: specify nullable for foreign keys
This is mostly stylistic change, but it clearly shows the intended
behavior should we detect more integrity violation errors.
2016-08-16 17:22:33 +02:00
rr-
522886ae6c server/db: fix user cascade deletions 2016-08-16 17:22:33 +02:00
rr-
a224297c4f server/db: poor fix for tag aliases' order
It's a hack, but it seems to work okay.
2016-08-16 17:22:33 +02:00
rr-
48af5160df server/search: fix negative offsets causing ISE 2016-08-16 17:22:33 +02:00
rr-
87b1ee4564 server/tests: use real database
I'm experimenting with snapshots and found following limitation of
SQLite: https://www.sqlite.org/isolation.html
2016-08-16 17:22:33 +02:00
rr-
0320a0b55b server/general: improve versioning effectiveness
...by integrating it with sqlalchemy that adds WHERE conditions for each
UPDATE and DELETE statement.
2016-08-16 17:22:33 +02:00
rr-
ef4af697c4 server/tags: fix tag sorting
Brainfart from d6942121e5
2016-08-14 17:54:15 +02:00
rr-
023ec9a976 client/password-reset: fix event binding
Every time the password reset form was loaded, the form submit event
listener was attached to a non-disposable DOM node rather than the DOM
node whose life scope was bound to the viewed page. As such, submitting
the form, leaving the page, returning back to it and sending the request
again caused the 'submit' event to fire twice - one time from the
non-disposed event handler and one from the current handler. This
resulted in the request being sent twice, and getting two confirmation
messages on the screen.

Fortunately, since the password reset requests are GET requests, they're
intercepted by the internal cache of the client API facade, so the
client just saw duplicate messages without the requests being actually
sent to the backend - meaning no extra mails were sent.
2016-08-14 16:57:46 +02:00
rr-
663aacdf82 server/tools: add lint script
Integrated both pylint and pycodestyle.
2016-08-14 16:46:50 +02:00
rr-
9aea55e3d1 server/general: embrace most of PEP8
Ignored only the rules about continuing / hanging indentation.

Also, added __init__.py to tests so that pylint discovers them. (I don't
buy pytest's BS about installing your package.)
2016-08-14 16:44:03 +02:00