AdminAPI: Optionally restrict moderators from accessing sensitive data

a1batross requested to merge restricted-moderators into develop

In continuation of !3480 (merged)

This patch adds a new option, :instance, :privileged_staff, which toggles access to sensitive data for moderators, like reading and indexing DMs, chats, changing user password (through credential update and password reset token). Deleting users is something I'm not sure about; it gives too much power, and for complying with reports it's enough to just deactivate the user.

Privileged staff is disabled by default so it doesn't affect individuals running existing Pleroma instances too much. Enabling it may be useful when the instance owner can sign some kind of NDA with moderators to approach them legally, or when they just explicitly want it.

The privileged staff option is also reported through metadata, so applications can show a different warning message, like changing "Boo, admin can read DMs" to "Boo, admin and moderators can read DMs".

Oh, and it also fixes the incorrectly applied changelog entry for !3480 (merged) (see #2806).

Edited by a1batross
