When somebody posts a news article, make it possible to delete it before
it's submitted to moderation (or after it's been withdrawn or bounced),
instead of forcing the user to leave it around ForEver (TM).
Do this by adding some generic functionality for confirmation popups,
that can also be used for other things in the future.
This patch also changes the stylesheets to use CSS vars for all
the colour definitions. Dark mode is enabled automatically if the
users browser prefers it.
Patch by me, with improvements from Jonathan Katz.
Review by Jonathan Katz, Vik Fearing, and Hubert Depesz Lubaczewski.
Whens submitting a new object, the instructions for how to do markdown
didn't show up until after the object had been saved once.
This turns out to be because the performance optimization to take an
empty string markdown and turn it into an empty string html wrote the
(empty) result to the wrong field, thereby overwriting the instructions.
* Get rid of the django_markwhat dependency, and implement our own
classes to get more control. In passing also remove django-markdown,
because we never used that.
* Instead of trying to clean markdown with regexps, use the bleach
library (NEW DEPENDENCY) with special whitelisting of allowed tags
based off standard markdown. This means that one can input links or
formatting in HTML if one prefers, as long as it renders to the same
subset of tags that markdown allows.
* Replace javascript based client side preview with an actual call to a
preview URL that renders the exact result using the same function,
since the use of showdown on the client was increasingly starting to
differ from the server, and since that cannot be kept secure the same
way. Rewrite the client side javascript to work better with the now
longer interval between updates of the preview.
Long in planning, but never got around to it.
Suggestion to use bleach for escaping from David Fetter.
Up to bootstrap 4.4.1 containing a lot of fixes.
While at it, put the version in the filenames, so we don't have to
cache-bust them every time we modify something unrelated, since they do
have well defined versions.
We apparently had some old /admin/ code that used an old version of
jquery-ui, but AFAICT we don't have that anymore. So remove teh loading
of them and also the files, so we have just one version of jquery
around.
When a news article is approved, it gets delivered as an email to the
pgsql-announce mailinglist. It will render the markdown of the news
article into a HTML part of the email, and include the markdown raw as
the text part (for those unable or unwilling to read html mail).
For each organisation, a mail template can be specified. Initially only
two templates are supported, one "default" and one "pgproject" which is
for official project news. The intention is *not* to provide generic
templates, but we may want to extend this to certain related projects in
the future *maybe* (such as regional NPOs).
These templates are stored in templates/news/mail/*.html, and for each
template *all* images found in templates/news/mail/img.<template>/ will
be attached to the email. "Conditional image inclusion" currently not
supported.
To do CSS inlining on top of the markdown output, module pynliner is now
required (available in the python3-pynliner package on Debian).
A testing script is added as news_send_email.py in order to easier test
out templates. This is *not* intended for production sending, so it will
for example send unmoderated news. By sending, it adds it to the
outgoing mailqueue in the system, so unless the cronjob is set up to
send, nothing will happen until that is run manually.
Support is included for tagged delivery using pglister, by directly
mapping NewsTags to pglister tags.
While at it, update the moderation preview forms to preview news items
using the HTML template for the email (while leaving other types of
items previewing without a particular stylesheet).
This includes a number of new features:
* Move some moderation functionality into shared places, so we don't
keep re-inventing the wheel.
* Implement three-state moderation, where the submitter can edit their
item and then explicitly say "i'm done, please moderate this now".
This is currently only implemented for News, but done in a reusable
way.
* Move moderation workflow to it's own set of URLs instead of
overloading it on the general admin interface. Admin interface remains
for editing things, but these are now separated out into separate
things.
* Do proper stylesheet clearing for moderation of markdown fields, using
a dynamic sandboxed iframe, so it's not ruined by the /admin/ css.
* Move moderation email notification into dedicated moderation code,
thereby simplifying the admin subclassing we did which was in some
places quite fragile.
* Reset date of news postings to the date of their approval, when
approved. This avoids some annoying ordering issues.
- Don't use inline event handlers
- Simplify some of the wording
- Replace the package download list with nice buttons
Design by me & Jonathan, code by me, review by Jonathan and others.
Instead of a weirdly located "hover over the checkbox to get a
description" message, put the actual description underneath the
checkboxes. This removes the need for javascript for it, and make the
description a lot more readily available.
This applies only to news tags for now, since that's the only use of
described checkboxes, but hopefully it will make those more clear to
people submitting.
In passing, fix how help_text for multi-checkbox field is shown -- it
was previously shown almost as part of the field name itself, making it
very hard to make out. Now make it look like all other form field help
texts.
* Merge all commands into a single text area for ease of copy/paste.
* Add a Copy Script button to each text area to copy the script (without comments and blanks) to the clipboard.
* Centralise the copy/paste code so it can be used elsewhere.
* Always install the database server.
Based on reviews/discussion with Magnus, Jonathan, Daniel and Sehrope.
From user feedback, the scrolling navigation bar would cause problems with
readability, especially in larger font views. This keeps the navigation bar
pinned to the top, until we can find a way to more easily handle this.
Specifically, the navigation bar now shrinks in height on scroll
and when on devices smaller than 768px. Additionally, the search
box disappears at the 1280px break point to avoid text wrapping.
A JavaScript file was added (main.js) to apply the "compressed"
class when scrolling, which is what provides the menu shrinking.
The base HTML structure enables the responsiveness for the
website. In addition to the primary base template, the generic
page and form templates are also modernized.
Authors: Sarah Conway <sarah.conway@crunchydata.com> and me
This also adds Bootstrap, Font Awesome to the codebase with license info.
Bootstrap and Font Awesome are CSS and font frameworks respectively
that ease modern web development.
The new CSS allows the PostgreSQL.org website to be responsive
based on browser window size as well as provide a modern look
and feel.
The redesign is built on top off the Bootstrap and Font Awesome
CSS and font frameworks respectively.
Authors: Sarah Conway <sarah.conway@crunchydata.com> and me
As the feature matrix is useful for seeing how far PostgreSQL has come, we
still want to keep older versions on display. However, this is causing
problems displaying the newer versions on smaller screens.
This change adds a filter which only shows supported versions by default,
and allows folk to choose which versions they wish to compare. This will
have no effect on browsers with Javascript disabled.
We don't want to use django style headlines and margins in the preview,
we want something that looks a bit more like the main site. It's not
going to be exact (e.g. the colors will still be wrong), but it will
be a lot closer than without this.
This will do simple html detection based on trivial regexps. If HTML is found,
it will replace it with HTML_REMOVED and also show a warning (in red color,
no less) that this is not permitted.
The actual filtering is still done server-side later, so the fact that these
regexps are trickable if you really want to doesn't matter...
Fixes#164
