Access rights on messages are derived from the
access rights on the documents they are attached
to. Due to the karma-based nature of the forum
access rights, these do not automatically reflect
on messages, because they are not implemented as
access rules.
The check_mail_message_access() needs to be
overriden to achieve the same effect.
+ allow calling super().check_mail_message_access()
from new API (useful in forward-port)
When a user's karma is driven to a negative value
due to repeated abuse or the posting of spam,
automatically hide all their posts from public
view.
This will reduce the effectiveness of their abuse,
and simplify moderation and cleanup.
For public-facing HTML content provided by the user,
`<style>` tags and `style` attributes should be stripped
automatically, as they can easily be abused to deface
pages for abusive users and spammers.
<style> tags were already stripped, the optional `strip_style`
for fields.html enables the automatic stripping of style
attributes.
This is opt-in because custom style attributes are still
desirable in trusted HTML fields.
The limit on the list of answers and questions posted by
a given forum user is purposely limited to reduce the
performance penalty for displaying them all.
(see 78fa861936)
However seeing the full list is useful for forum moderators
(e.g. when tracking down abuse), and there are only a few
such users with high karma, so enabling it for them is
negligible performance-wise.
Fixes#3955
When comment is created, emails are sent with subject: "Re: False" and footer: "About Forum False".
Now, when the post is a comment, we fallback to the name of the parent (the main forum post).
This is to help forum moderators to fight against
spammers. It was previously difficult as the spammer
profile became unreachable as soon as their karma
went below 1, even if they had other questions
or answers still published.
Use if_dom_contains to check if we need to load js
Fix bug where _tag_to_write_vals was called like old API but model converter was new api
Move IsKarmaValid and Load CKE only in website_forum context
This is a partial patch for issue #3460, pending more
improvements and refinements in master.
Currently the karma penalty is hardcoded to 5*downvote penalty,
which may or may not be sufficient to prevent posting, depending
on the other karma levels.
- fixed voting, karma check could be avoided
- fixed posting comments, now correctly checking karma (not for
notifications)
- fixed bootstraping of users, now not allowed to ask questions by default;
added validation email that gives the first karma points required to
participate
- added tests
While posting new questions and answers the check
for karma limit was bypassed because it was using
super-user mode: use regular user instead.
Also improve the user feedback when karma level is
too low to perform some actions: post comment,
post question, post answer.
The usability in these cases still needs to be
improved.
- avoid to browse on every question/answer, only the 20 most recent ones (need to manually update the view to see the real number of q&a)
- do not render hidden tabs (leakage of information and useless rendering)
- add related fields to speed up vote search (need to be stored to be efficient)
- fixed call to a wrong method
- fixed button display, now based on the standard way of managing karma (popup when
not having the required karma)
- fixed button display karma computation
- some css tweaking for this button