brief sprint C3.b+c+d+e: share-post Line+Brief async, magic-link / invalid-link banners use Brief styling, .alert-* retired — TDD

Closes the C3 brief sprint. Three event sources (note unlock, share invite, login messages) now route through the Brief slide-down, & the legacy .alert-success/.alert-warning rendering in base.html is retired. C3.b — share-post async Line + Brief: - billboard.share_post detects Accept: application/json. JSON path appends a Line (text="Shared with X at <isoformat>", isoformat carries microseconds so two rapid shares of the same email don't collide on Line.unique_together(post,text)), spawns a Brief(kind=SHARE_INVITE) for the sharer, and returns {brief: brief.to_banner_dict() | None, line_text, recipient_display}. Sharer-shares-with-themselves stays a silent no-op (response carries brief: null). Legacy form-submit path preserved for non-AJAX (still redirects + flashes the privacy-safe message — kept for older FTs / no-JS fallback). - billboard.Brief.to_banner_dict() (moved from dashboard.views helper to a model method) shapes the JSON the banner JS consumes. - post.html: share form intercepted by JS — fetches POST w. Accept:application/json, then appends `data.line_text` as the next row in #id_post_table, calls Brief.showBanner(data.brief), and (when registered) appends a fresh `<span class="post-recipient">` to the new #id_post_recipients box. No page reload — the alert-success flash is gone. - 10 new ITs (SharePostAsyncTest + SharePostLegacyRedirectTest) cover the JSON path, line append, brief creation w. SHARE_INVITE kind, registered/unregistered recipient behaviour, sharer-self skip, line dedupe via timestamp, and that the legacy form-submit redirect path still works. - functional_tests.test_sharing line numbering updated: the share now records its own Line so the alice-reply lands at row 3 instead of 2. C3.c+d — magic-link confirmation + invalid-link error use Brief banner styling: - base.html's {% if messages %} block stops rendering .alert-success/.alert-warning divs. Instead each message renders as a transient Brief-styled banner: <div class="note-banner note-banner--message note-banner--{{level_tag}}"> with .note-banner__body / __description carrying the message text and a .btn-cancel NVM that removes the banner via inline onclick. No DB Brief row; no FYI; no square. Same Gaussian-glass look as note-unlock + share-invite Briefs. - _note.scss adds the note-banner--message variant (full-opacity description) + note-banner--error/--warning border-color override (priRd 0.6) so the invalid-link banner reads as red/abandon. C3.e — .alert-success/.alert-warning retired in markup; the SCSS class blocks aren't referenced anywhere else in templates so they sit dormant (left in place — base form styling keeps .form-control etc. working; no need to ripple into _base.scss). Banner JS (note.js / Brief module) was untouched in C3.b+c+d — the Brief.showBanner contract from C3.a already handles all three kinds (NOTE_UNLOCK / USER_POST / SHARE_INVITE) by reading kind off the brief; the message-banner path doesn't go through showBanner because there's no Brief row. Tests: 218 dashboard+billboard+api ITs + 322 lyric+dashboard+billboard ITs + 2 sharing FTs + 9 my_notes FTs + 1 Jasmine FT all green. Existing lyric.test_views login message-text assertions unchanged (they pull from messages framework — not the rendered HTML — so the markup swap doesn't affect them). Code architected by Disco DeDisco <discodedisco@outlook.com> Git commit message Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-08 18:15:43 -04:00
parent fa53bf561a
commit 14bab444ff
8 changed files with 288 additions and 40 deletions
--- a/src/apps/billboard/views.py
+++ b/src/apps/billboard/views.py
@@ -8,8 +8,10 @@ from django.http import HttpResponseForbidden, JsonResponse
 from django.shortcuts import redirect, render

 from apps.applets.utils import applet_context, apply_applet_toggle
+from django.utils import timezone
+
 from apps.billboard.forms import ExistingPostLineForm, LineForm
-from apps.billboard.models import Brief, Post
+from apps.billboard.models import Brief, Line, Post
 from apps.dashboard.views import _PALETTE_DEFS
 from apps.drama.models import GameEvent, Note, ScrollPosition
 from apps.epic.models import Room
@@ -275,13 +277,58 @@ def my_posts(request, user_id):

 def share_post(request, post_id):
    our_post = Post.objects.get(id=post_id)
+    is_ajax = "application/json" in request.headers.get("Accept", "")
+
+    recipient_email = request.POST.get("recipient", "")
+    recipient = None
    try:
-        recipient = User.objects.get(email=request.POST["recipient"])
-        if recipient == request.user:
-            return redirect(our_post)
-        our_post.shared_with.add(recipient)
+        recipient = User.objects.get(email=recipient_email)
    except User.DoesNotExist:
        pass
+
+    # Sharer-tries-to-share-with-themselves: silent no-op (existing behavior).
+    if recipient is not None and recipient == request.user:
+        if is_ajax:
+            return JsonResponse({"brief": None, "line_text": ""})
+        return redirect(our_post)
+
+    if recipient is not None:
+        our_post.shared_with.add(recipient)
+
+    # Always append a Line + spawn a Brief for the sharer — privacy: the
+    # response shape mustn't leak whether the email is on the system. Line
+    # text carries an isoformat timestamp w/ microseconds so two rapid
+    # shares of the same email don't collide on the
+    # Line.unique_together(post, text) constraint.
+    line_text = (
+        f"Shared with {recipient_email} at {timezone.now().isoformat()}"
+    )
+    line = Line.objects.create(post=our_post, text=line_text)
+
+    brief = None
+    if request.user.is_authenticated:
+        brief = Brief.objects.create(
+            owner=request.user,
+            post=our_post,
+            line=line,
+            kind=Brief.KIND_SHARE_INVITE,
+            title="Invite sent",
+        )
+
+    if is_ajax:
+        # recipient_display is populated only when the address resolves to a
+        # registered User — same evidence the server-rendered .post-recipient
+        # list exposes; doesn't widen the privacy surface beyond what the
+        # post detail page already shows publicly.
+        recipient_display = None
+        if recipient is not None:
+            recipient_display = recipient.username or recipient.email
+        return JsonResponse({
+            "brief":             brief.to_banner_dict() if brief is not None else None,
+            "line_text":         line_text,
+            "recipient_display": recipient_display,
+        })
+
    messages.success(request, "An invite has been sent if that address is registered.")
    return redirect(our_post)