From 79372b0f73964381257e9f3182fc46eeeb831337 Mon Sep 17 00:00:00 2001 From: Matt Date: Sat, 12 Nov 2016 12:04:40 -0600 Subject: [PATCH 1/9] Stub out a list of suspicious accounts. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Part of #557. This covers the logic; it’s mostly a duplicate of `dashboard/index` with the buttons removed (admins can mark/unmark suspicious on the profile itself). Obviously needs to be put into a site template for ~users to see, and only needs the list, not the other frame. --- www/dashboard/suspicious.spt | 51 ++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 www/dashboard/suspicious.spt diff --git a/www/dashboard/suspicious.spt b/www/dashboard/suspicious.spt new file mode 100644 index 0000000000..ca73707c71 --- /dev/null +++ b/www/dashboard/suspicious.spt @@ -0,0 +1,51 @@ +from aspen import Response + +[---] +suspicious = website.db.all(""" + + SELECT username + , balance + , (SELECT SUM(amount) FROM current_payment_instructions WHERE participant_id = p.id) AS giving + , (SELECT COUNT(*) FROM current_payment_instructions WHERE participant_id = p.id AND amount > 0) AS ngiving_to + FROM participants p + WHERE is_suspicious IS true + AND NOT is_closed + ORDER BY claimed_time + +""") + +title = _("Fraud Review Dashboard") +[---] text/html + + + + +

Suspicious Accounts (N = {{ len(suspicious) }})

+ +{% for account in suspicious %} + + + + + +{% endfor %} +
+ {{ account.username }} + ${{ account.giving }}{{ account.ngiving_to }}
+ From f42b5e6cd99988a28f0cdc2bb23aa1c4ec65ae64 Mon Sep 17 00:00:00 2001 From: Matt Date: Sat, 12 Nov 2016 17:46:10 -0600 Subject: [PATCH 2/9] Stub out public-facing suspicious list --- www/about/fraud/suspicious.spt | 57 ++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 www/about/fraud/suspicious.spt diff --git a/www/about/fraud/suspicious.spt b/www/about/fraud/suspicious.spt new file mode 100644 index 0000000000..f806292abe --- /dev/null +++ b/www/about/fraud/suspicious.spt @@ -0,0 +1,57 @@ +from aspen import Response + +[---] +suspicious = website.db.all(""" + + SELECT username + , balance + , (SELECT SUM(amount) FROM current_payment_instructions WHERE participant_id = p.id) AS giving + , (SELECT COUNT(*) FROM current_payment_instructions WHERE participant_id = p.id AND amount > 0) AS ngiving_to + FROM participants p + WHERE is_suspicious IS true + AND NOT is_closed + ORDER BY claimed_time + +""") + +title = _("Suspicious Accounts") +[---] text/html +{% extends "templates/about.html" %} +{% block content %} + +
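Review bot: The new `www/dashboard/suspicious.spt` (PATCH 1/9) runs its query with no access check in the visible code. `Response` is imported but never used, and nothing tests `user.ADMIN` before a page titled "Fraud Review Dashboard" lists flagged accounts. If this page is meant for admins only, the second section should open with a guard such as `if not user.ADMIN: raise Response(403)`. The query also selects `balance`, which the template never renders; drop the column so it cannot be exposed by a later template edit.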

If your account is listed and you don't think you're suspicious, please contact support@gratipay.com

+ + + + + +

Suspicious Accounts (N = {{ len(suspicious) }})

+ +{% for account in suspicious %} + + + + + +{% endfor %} +
+ {{ account.username }} + ${{ account.giving }}{{ account.ngiving_to }}
+ +{% endblock %} \ No newline at end of file From 173be9c068c1df94227cd778a58d2d041ec4b60b Mon Sep 17 00:00:00 2001 From: Matt Date: Sat, 12 Nov 2016 17:54:08 -0600 Subject: [PATCH 3/9] Clean up public suspicious list --- www/about/fraud/suspicious.spt | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/www/about/fraud/suspicious.spt b/www/about/fraud/suspicious.spt index f806292abe..1c316c2576 100644 --- a/www/about/fraud/suspicious.spt +++ b/www/about/fraud/suspicious.spt @@ -41,8 +41,14 @@ title = _("Suspicious Accounts") } -
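Review bot: The public page `www/about/fraud/suspicious.spt` (PATCH 2/9) reuses the dashboard query unchanged, so it still fetches `balance` for every flagged account although the template only renders `username`, `giving` and `ngiving_to`. On an unauthenticated page the query should select only what is shown; remove `, balance` and the unused `from aspen import Response`. It is also worth confirming that publishing each flagged user's `giving` total matches what those users have agreed to make public, since being flagged is not something they chose. `SUM(amount)` is NULL for an account with no payment instructions, so `COALESCE(SUM(amount), 0) AS giving` would probably be needed for the `${{ account.giving }}` cell to show a number.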

Suspicious Accounts (N = {{ len(suspicious) }})

- +
+ + + + + + + {% for account in suspicious %} {% endfor %} + + + + + + +
{{ _("~User") }}{{ _("Giving") }}{{ _("n") }}
@@ -52,6 +58,13 @@ title = _("Suspicious Accounts") {{ account.ngiving_to }}
N = {{ len(suspicious) }}
{% endblock %} \ No newline at end of file From 00640e520830384e95cafd6e73df326c30dfb396 Mon Sep 17 00:00:00 2001 From: Matt Date: Sat, 12 Nov 2016 17:58:23 -0600 Subject: [PATCH 4/9] Tweak word. --- www/about/fraud/suspicious.spt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/about/fraud/suspicious.spt b/www/about/fraud/suspicious.spt index 1c316c2576..ea67c7fe5a 100644 --- a/www/about/fraud/suspicious.spt +++ b/www/about/fraud/suspicious.spt @@ -46,7 +46,7 @@ title = _("Suspicious Accounts") {{ _("~User") }} {{ _("Giving") }} - {{ _("n") }} + {{ _("nGiving") }} {% for account in suspicious %} From 2aef46c0d4053f40e1d0097b7b00e4e7b9787d68 Mon Sep 17 00:00:00 2001 From: Matt Date: Sun, 13 Nov 2016 14:22:27 -0600 Subject: [PATCH 5/9] Allow admins to search unsearchable users --- www/search.spt | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/www/search.spt b/www/search.spt index d6748ba537..f5c51500a1 100644 --- a/www/search.spt +++ b/www/search.spt @@ -25,6 +25,18 @@ if query: LIMIT 10 """, locals()) + if user.ADMIN: + if action in (None, 'search_usernames'): + results['usernames'] = website.db.all(""" + SELECT username, avatar_url, similarity(username, %(q)s) AS rank + FROM participants + WHERE username %% %(q)s + AND claimed_time IS NOT NULL + AND NOT is_closed + ORDER BY rank DESC, username + LIMIT 10 + """, locals()) + if user.ADMIN: if action in (None, 'search_emails'): results['emails'] = website.db.all(""" From d41321964db3a516410d7a809ce6d7ebc37984b6 Mon Sep 17 00:00:00 2001 From: Matt Date: Mon, 14 Nov 2016 19:29:49 -0500 Subject: [PATCH 6/9] Remove duplicate code. Thanks to @nobodxbodon. --- www/search.spt | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/www/search.spt b/www/search.spt index f5c51500a1..b511b243ed 100644 --- a/www/search.spt +++ b/www/search.spt 
@@ -14,16 +14,17 @@ if query: q = strip_accents(query) if action in (None, 'search_usernames'): - results['usernames'] = website.db.all(""" - SELECT username, avatar_url, similarity(username, %(q)s) AS rank - FROM participants - WHERE username %% %(q)s - AND claimed_time IS NOT NULL - AND is_searchable - AND NOT is_closed - ORDER BY rank DESC, username - LIMIT 10 - """, locals()) + results['usernames'] = website.db.all(""" + SELECT username, avatar_url, similarity(username, %(q)s) AS rank + FROM participants + WHERE username %% %(q)s + AND claimed_time IS NOT NULL + """ + +("" if user.ADMIN else " AND is_searchable") + +""" AND NOT is_closed + ORDER BY rank DESC, username + LIMIT 10 + """, locals()) if user.ADMIN: if action in (None, 'search_usernames'): From 24bcb5cc9cd0f7645bf61ca2d480cea5013fb22e Mon Sep 17 00:00:00 2001 From: mattbk Date: Thu, 17 Nov 2016 11:43:49 -0600 Subject: [PATCH 7/9] Remove duplicate code again. --- www/search.spt | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/www/search.spt b/www/search.spt index b511b243ed..08143e1024 100644 --- a/www/search.spt +++ b/www/search.spt @@ -26,18 +26,6 @@ if query: LIMIT 10 """, locals()) - if user.ADMIN: - if action in (None, 'search_usernames'): - results['usernames'] = website.db.all(""" - SELECT username, avatar_url, similarity(username, %(q)s) AS rank - FROM participants - WHERE username %% %(q)s - AND claimed_time IS NOT NULL - AND NOT is_closed - ORDER BY rank DESC, username - LIMIT 10 - """, locals()) - if user.ADMIN: if action in (None, 'search_emails'): results['emails'] = website.db.all(""" From 7270bdcf75bfde8d232d4afcdce6cc76aff7180c Mon Sep 17 00:00:00 2001 From: mattbk Date: Mon, 21 Nov 2016 15:09:12 -0600 Subject: [PATCH 8/9] Fix indent. --- www/search.spt | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/www/search.spt b/www/search.spt index 08143e1024..15810a47cf 100644 --- a/www/search.spt +++ b/www/search.spt 
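Review bot: In the PATCH 6/9 hunk of `www/search.spt`, the `is_searchable` restriction is switched off by concatenating a Python-side fragment into the SQL text: `+("" if user.ADMIN else " AND is_searchable")`. The fragment is a constant, so nothing user-controlled reaches the statement today. Even so, the visibility rule now lives in string assembly, where a later edit that splices in a variable would become an injection. Binding the flag keeps the statement static: `AND (is_searchable OR %(is_admin)s)` with an explicit mapping `dict(q=q, is_admin=bool(user.ADMIN))` in place of `locals()`, which passes every local name to the driver. The same expression is carried unchanged into the re-indented hunk of PATCH 8/9, and the enclosing `if query:` block starts and ends outside the hunk.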
@@ -14,17 +14,17 @@ if query: q = strip_accents(query) if action in (None, 'search_usernames'): - results['usernames'] = website.db.all(""" - SELECT username, avatar_url, similarity(username, %(q)s) AS rank - FROM participants - WHERE username %% %(q)s - AND claimed_time IS NOT NULL - """ - +("" if user.ADMIN else " AND is_searchable") - +""" AND NOT is_closed - ORDER BY rank DESC, username - LIMIT 10 - """, locals()) + results['usernames'] = website.db.all(""" + SELECT username, avatar_url, similarity(username, %(q)s) AS rank + FROM participants + WHERE username %% %(q)s + AND claimed_time IS NOT NULL + """ + +("" if user.ADMIN else " AND is_searchable") + +""" AND NOT is_closed + ORDER BY rank DESC, username + LIMIT 10 + """, locals()) if user.ADMIN: if action in (None, 'search_emails'): From 935961d8ecd46d4b3a6c20a4ddeafa2eb51e81b7 Mon Sep 17 00:00:00 2001 From: mattbk Date: Mon, 21 Nov 2016 15:17:07 -0600 Subject: [PATCH 9/9] Fix wrong files. --- www/about/fraud/suspicious.spt | 70 ---------------------------------- www/dashboard/suspicious.spt | 51 ------------------------- 2 files changed, 121 deletions(-) delete mode 100644 www/about/fraud/suspicious.spt delete mode 100644 www/dashboard/suspicious.spt diff --git a/www/about/fraud/suspicious.spt b/www/about/fraud/suspicious.spt deleted file mode 100644 index ea67c7fe5a..0000000000 --- a/www/about/fraud/suspicious.spt +++ /dev/null @@ -1,70 +0,0 @@ -from aspen import Response - -[---] -suspicious = website.db.all(""" - - SELECT username - , balance - , (SELECT SUM(amount) FROM current_payment_instructions WHERE participant_id = p.id) AS giving - , (SELECT COUNT(*) FROM current_payment_instructions WHERE participant_id = p.id AND amount > 0) AS ngiving_to - FROM participants p - WHERE is_suspicious IS true - AND NOT is_closed - ORDER BY claimed_time - -""") - -title = _("Suspicious Accounts") -[---] text/html -{% extends "templates/about.html" %} -{% block content %} - -

If your account is listed and you don't think you're suspicious, please contact support@gratipay.com

- - - - - - - - - - - - - -{% for account in suspicious %} - - - - - -{% endfor %} - - - - - - - -
{{ _("~User") }}{{ _("Giving") }}{{ _("nGiving") }}
- {{ account.username }} - ${{ account.giving }}{{ account.ngiving_to }}
N = {{ len(suspicious) }}
- -{% endblock %} \ No newline at end of file diff --git a/www/dashboard/suspicious.spt b/www/dashboard/suspicious.spt deleted file mode 100644 index ca73707c71..0000000000 --- a/www/dashboard/suspicious.spt +++ /dev/null @@ -1,51 +0,0 @@ -from aspen import Response - -[---] -suspicious = website.db.all(""" - - SELECT username - , balance - , (SELECT SUM(amount) FROM current_payment_instructions WHERE participant_id = p.id) AS giving - , (SELECT COUNT(*) FROM current_payment_instructions WHERE participant_id = p.id AND amount > 0) AS ngiving_to - FROM participants p - WHERE is_suspicious IS true - AND NOT is_closed - ORDER BY claimed_time - -""") - -title = _("Fraud Review Dashboard") -[---] text/html - - - - -

Suspicious Accounts (N = {{ len(suspicious) }})

- -{% for account in suspicious %} - - - - - -{% endfor %} -
- {{ account.username }} - ${{ account.giving }}{{ account.ngiving_to }}
-