Previously, we had some ugly complicated logic through which we
attempted to keep the selected message on screen when prepending
messages, but we didn't actually preserve the scroll position -- the
selected message would jump on the screen. This fixes that, by just
saving/restoring the scroll position of the selected message.
This perhaps makes our model/view split even less clear, but at least
it's correct.
(imported from commit 0a01450bbbcdf1b45c891d0570c9fcfb11769315)
message_list.prepend() now actually only rerenders the new messages
when prepending using the where="top" functionality (previously it
would erroneously just adjust the message database and then wait for
message_list.append() to call _maybe_rerender(), determine that things
are awry, and rerender the whole message list).
(imported from commit c64b7b540a4f5332ad792de0fad9f20750e6db1c)
This has two benefits:
(1) Users can scroll their last message to near the top of the screen,
which decreases how often one needs to scroll down to track current
messages.
(2) It makes scrolling bugs near the bottom of the screen a lot easier
to find, because scrolling down too far isn't blocked by being unable
to scroll messages off the screen.
We should probably later convert this to some formula that varies
dynamically based on the height of the last message.
(imported from commit 41954fecd9efb43820ed1ccb5210283c17752f51)
It turns out that this code tries to place the initial pointer 1/7
from the top; the only reason something reasonable happened
historically is that bottom_whitespace was only 40% of the screen, so
the pointer message ends up landing in the center anyway.
(imported from commit 56d4c2acd018d9a87551c82a43c214c6d80bfb90)
Previously we incorrectly would sometimes trigger autoscroll when
messages arrived via get_old_messages (i.e. we loaded some historical
messages from the server). This resulted in some confusing and
erroneous scrolling behavior.
I kinda hate the fact that we need to pass these values all the way
through the rendering process, but fundamentally there's no other way
for _render to find out, and pushing the autoscrolling higher up in
the stack is hard since we don't return anything like the block of new
messages.
(imported from commit c5ed27f1b21691a21c68ed7e09cff8e3e4a75e76)
This is purely cosmetic, and just puts some similar functions
together in a way that JS lint won't complain about calling a
function before it was defined.
(imported from commit 8a5a81ae5b7ca7dbaa60147ae4f32f50b1cbbf3a)
To apply this to your system, run:
python manage.py update_permissions
A rebuilt database will already have the correct permission defined.
(imported from commit 5b826b940257e14b3e9e44f9c32b20ed0183dedf)
On a Debian/Ubuntu system with the Ops repo installed, you can add this
dependency by running:
sudo apt-get install python-django-guardian
We use a slightly modified version of the package, so users of other
systems should manually download the source from my GitHub fork and
install it as they would any other Python library:
https://github.com/lfaraone/django-guardian/archive/lfaraone-noanon.zip
guardian uses South for migrations. To apply the guardian schema to your
database, run:
python manage.py migrate guardian
(imported from commit 12eaf4ded91e180c3245a44bacfb5b98b660147d)
This creates the required model fields to use the Django permissions
framework or various other third-party frameworks.
To apply this commit, run:
python manage.py migrate zephyr
(imported from commit a14fa7552c5389522d15edecedfd8a34418bb23d)
save it. This fixes the "Humbug note:" error on old messages that
do not have rendered_content in the DB.
(imported from commit f4664d712fc40e4af9eb12eae74f37d100499def)
Now we can begin the transition of the app to the same interface that our
API clients use.
(imported from commit 5b5001237722692f27f5de687f01d97fa0b87ed0)
This would have made reactivations hard, and doesn't really buy us much
additional security.
During deactivation, all a user's current sessions are deactivated and
they are marked as not active. This prevents them from logging in via
the web UI, and makes their API key unusable.
Randomizing their password is probably gratuitious, especially as we
start to allow authorized end-users to deactivate others.
(imported from commit c63d23816da0452a1df821f2fa6c1db2761733da)
Prior to this commit, populate_db would crash if you had ever deactivated
a user in your development instance's message log.
(imported from commit 227b2c0226a46ef5680443d3dbf62a13ce961e64)
This reduces roundtrips hopefully and will provide a friendlier error
message than what would otherwise be produced by Django.
(imported from commit 034aeef00043e3bf059583770f6c08c4f73ceeb5)
This allows us to inform users that the reason they are unable to log in
is because their account has been deactivated. This message (generated by
Django) is only shown when the correct credentials are used and is_active
is False.
(imported from commit 754a4c9af6ec05e8f18cf183bc08b67bacdeb3e0)
Previously we rested on the safety of randomised API keys to ensure that
deactivated users could not use the product. Here, we add an explicit check
to prevent that.
(imported from commit e32f355fb35b898d43503b96efb291f795aac881)