diff options
Diffstat (limited to 'docs/_posts/2020-03-04-v3.0.md')
| -rw-r--r-- | docs/_posts/2020-03-04-v3.0.md | 147 | 
1 files changed, 147 insertions, 0 deletions
| diff --git a/docs/_posts/2020-03-04-v3.0.md b/docs/_posts/2020-03-04-v3.0.md new file mode 100644 index 000000000..e36f22c69 --- /dev/null +++ b/docs/_posts/2020-03-04-v3.0.md @@ -0,0 +1,147 @@ +--- +layout: post +title: Version 3.0 +author: matthew +--- + +<div class="r" align="right"> +<a data-flickr-embed="true" href="https://www.flickr.com/photos/iqremix/23232339432/" title="Follow the Yellow Line"><img src="https://live.staticflickr.com/750/23232339432_66b398ac1c.jpg" width="500" height="333" alt="Follow the Yellow Line"></a><script async src="//embedr.flickr.com/assets/client-code.js" charset="utf-8"></script> +</div> + +It has been quite a while since the last release, apologies, but today +we are happy to be releasing **version 3.0** of the FixMyStreet Platform, +which has a number of improvements. + +### Front end improvements + +* FixMyStreet can now be installed as a progressive web app. This means we've +added a web manifest (and an admin UI for managing this) and a basic service +worker that shows a page if you're offline, and continues the functionality of +allowing staff users to store and view their shortlisted reports offline. + +  If you serve your site over HTTPS, you will be able to add the website to +your homescreen (browsers may prompt the user) and have it work like an app. +This provides us with a solid base on which to continue improving this in +future, including hopefully adding functionality such as offline report drafting +through the web site. + +  <div class="r" style="height:217px;overflow:hidden"> +    <a href="https://user-images.githubusercontent.com/739624/58807589-406d1480-8610-11e9-8208-ca71e3e0424f.png"> +      <img style="margin-top:-450px" alt="Screenshot of mobile filters" src="https://user-images.githubusercontent.com/739624/58807589-406d1480-8610-11e9-8208-ca71e3e0424f.png"> +    </a> +  </div> + +* Various improvements have been made to the site on mobile – the "try again" process +is clearer, duplicate suggestions show an inline map, the photo upload message is +better, and map filters can now be accessed. + +* Category groups are now used wherever a category list is shown – admin pages, +map filters, and so on; and you can pass a `filter_category` or `filter_group` +parameter to the front page or around page to pre-select that option, which +makes it easier to deep link to FixMyStreet from a page or form on another site. + +* <img src="https://user-images.githubusercontent.com/4776/71002776-e4636c80-20d7-11ea-995b-72cfec673f73.png" +align="right" style="max-width:25%" hspace="8" alt="Screenshot of map geolocation blue dot"> + +  If you use geolocation, your location will now be displayed on the map, as +shown in the screenshot. + +* As asked for a few times on our mailing list, we now use a report's image as +its OpenGraph image on an individual report page when shared. + +* We've added XSL to our RSS feeds which means browsers no longer display them +as raw XML but as a nice simple web page that explains its purpose. Before +and after shots below: + +<div style="height:250px; overflow:hidden; text-align: center"> +<img alt="RSS feed before changes, raw XML" hspace="8" align="top" style="max-width:40%" src="https://user-images.githubusercontent.com/154364/68796646-24ec4800-064b-11ea-8c21-607fc8198fb9.png"> +<img alt="RSS feed after changes, looks much nicer" hspace="8" align="top" style="max-width:40%" src="https://user-images.githubusercontent.com/739624/68948832-a9a4a680-07b0-11ea-9e7b-4d53e329a35a.png"> +</div> + +### Security + +All template variables are now automatically escaped by default, to help +protect against any future XSS vulnerabilities. We also rotate the user's +session ID after successful login, and scrub the admin description fields. + +If any of your own templates outputs a variable that contains HTML that you +wish to continue to allow to display as HTML, you will need to alter your +template to escape the variable with the `safe` filter, e.g. `[% some_html | +safe %]`. + +### Admin improvements + +* FixMyStreet now has a new roles system, allowing you to create groups of +permissions and apply those roles to users. + +  <div class="r" style="height:280px;overflow:auto"><a href="https://user-images.githubusercontent.com/739624/65964516-0e03e480-e455-11e9-8c56-f4bb78096918.png"><img alt="Category edit form screenshot" src="https://user-images.githubusercontent.com/739624/65964516-0e03e480-e455-11e9-8c56-f4bb78096918.png"></a></div> + +* The category edit form has been drastically improved; category names can now be +edited, categories can be listed under more than one group, and categories or +particular extra questions can disable the reporting form (for e.g. emergency +"please call" categories or questions). + +* Two-factor authentication can be used by any staff member, and you can choose +to optionally enforce it for all staff. + +* The admin report edit page now stores moderation history, like the front end, +  and you can now view a user's admin log history. + +* <img alt="Heatmap web page" src="https://user-images.githubusercontent.com/4776/72752804-0eb6b700-3bbb-11ea-915b-5afde5235014.png" +  align="right" style="max-width:50%" hspace="8"> + +  We've added a heatmap dashboard for staff users, which can show hotspots. +To enable this, you will need to add `heatmap: { yourcobrand: 1 }` to your +`COBRAND_FEATURES` configuration. + +* There's a new "staff only" contact state, for categories that can only be +  used by staff. + +* Staff users can report as other users even if they only have a name, +  and can sign other people up to alerts. + +### Bugfixes + +Of course there have been a lot of bugfixes as well. One I remember is +when going back to the initial state with popstate, a change event was +being triggered on every single option of the filter selects. This led +to a lot of change events running on the category/status multi-selects +which then needlessly repeated the same activities over and over. This +locked up the browser for seconds in locations with many categories. +Below is a chart showing browser performance before and after: + + + + +### Development improvements + +We've upgraded the underlying framework and other packages, added a banner to +the staging website/emails to make it obvious when you're in development, added +configuration for admin resending, a Content-Security-Policy header, and +stopped hard coding the site name in the database fixture. + +### Open311 improvements + +* It is now possible for an external Open311 service to POST updates on a report +to FixMyStreet, rather than have FixMyStreet poll an external service for updates. + +* Email templates can include a placeholder to include the description fetched +  from the Open311 server in the update. + +* Private reports are supported, in that an Open311 server can mark a category +  as private which will then automatically mark all reports sent and received +  in that category as private. + +* Meta questions added in the admin can be marked as protected so that they +  won't be overridden by data fetched from an Open311 server. This is useful +  for e.g. an "emergency" question that the Open311 server does not care about. + +### Upgrading + +As mentioned above, but it is worth repeating, if any of your own templates +outputs a variable that contains HTML that you wish to continue to allow to +display as HTML, you will need to alter your template to escape the variable +with the `safe` filter, e.g. `[% some_html | safe %]`. + +A full list of changes can be seen in the +[changelog](https://github.com/mysociety/fixmystreet/releases/tag/v3.0) as usual. | 
