The idea is to limit moderation endpoints based on the fact that the user:
- is a staff member AND
- has the right privileges based on user tags
That way admins can decide what they allow their moderators (and also admins) and what not. E.g. some admins may want their moderators to be able to delete users, others may not want that. Some admins may want to be able to read chats and non-public messages (which is currently possible through admin-fe), others may not want that (although they obviously still can through the database if they have server access, but not everyone with the admin role is necessarily a system admin with server access).
In a later stage, we could introduce custom roles other than "Admin" and "Moderator". Custom roles are out of scope for this MR, but this MR shouldn't introduce changes which would make it harder to go that route later.
Note that I run my own single-user instance, so I don't really have much experience with moderation. I grouped things in a way that made sense to me, feel free to provide feedback if there are things you feel should be done differently. Especially feedback from staff of instances with multiple moderators is very welcome here.
tags and what they allow
Currently I've grouped endpoints as follows:
- Get a list of reports
- get specific report
- update specific report
- add and delete report notes
- Add and remove user tags. You can NOT add or delete user tags starting with "moderation_tag:"
- Get list of statuses (including non-public) and chats. You can also get a specific status or chat
- Activate and deactivate users
- Delete users
- Force password reset, disable MFA, show and update user credentials (I assume username/email)
I kept the naming convention the way it's done for the mrf-tags (see https://git.pleroma.social/pleroma/pleroma/-/blob/develop/lib/pleroma/web/activity_pub/mrf/tag_policy.ex#L8)
If you want to try this out, you can give a user the needed tags by starting Pleroma with `iex -S mix phx.server` and then, in the iex shell, you can do the following (assuming your user is named `erica` and the tag you want to set is `moderation_tag:report-triage`):

```elixir
alias Pleroma.User

# Set the tag
User.tag("erica", "moderation_tag:report-triage")

# Unset the tag
User.untag("erica", "moderation_tag:report-triage")
```
Add and group other tags
Non-public posts that are reported should still be viewable with the report. Check that this is still a thing even for someone who doesn't have the "moderation_tag:messages-read-non-public"
Go through the rest of the code to see if other things need to be restricted that super_users now have/can
getting report notifications
report notifications deletion when the tag is removed (instead of when not a super user any more)
Showing deactivated field !3644 (closed)
Clean up previous MRs
Add setting for what user tags an admin and moderator respectively get. (This implies that it will be possible to allow a moderator things while restricting it for admins, and vice versa)
Migration to give moderators and admins the tags corresponding to what they have on latest stable
Making someone moderator or admin should also set the correct tags
What with existing admin/mods when someone changed what tags an admin/mod can have?
- Some ideas:
- Set it correct during start-up?
- Have a mix task to correct things?
- Other options?
Do we need to make it possible to allow setting a specific tag to a user already? (Personally I think we shouldn't at this time)
Make changes to Pleroma-fe to show certain options/menus based on these tags
What with admin-fe?
Other things I'm forgetting?
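
The rule described at the top of this description (staff member AND the right tag) together with the ban on setting "moderation_tag:" tags through the user-tag endpoint, as an added sketch that is not code from this MR or from Pleroma. The module, function and field names are hypothetical, the mapping from endpoint group to tag is an assumption, and the sample users are constructed.

```elixir
# Added illustration; module, function and field names are hypothetical,
# not Pleroma's own code.
defmodule ModerationTagSketch do
  @prefix "moderation_tag:"

  # Assumed mapping from an endpoint group to the tag that unlocks it.
  @required %{
    reports: "moderation_tag:report-triage",
    non_public_messages: "moderation_tag:messages-read-non-public"
  }

  # Both conditions must hold: a staff role AND the matching tag.
  def privileged?(%{is_admin: admin, is_moderator: mod, tags: tags}, group) do
    case Map.fetch(@required, group) do
      {:ok, tag} -> (admin or mod) and tag in tags
      # Unknown endpoint groups are denied rather than allowed by default.
      :error -> false
    end
  end

  # The user-tag endpoint must not grant or revoke privileges itself:
  # split a request into ordinary tags and rejected "moderation_tag:" ones.
  def split_requested_tags(tags) do
    {rejected, allowed} =
      Enum.split_with(tags, fn t ->
        # Compare after trim/downcase so a variant spelling cannot bypass the check.
        t |> String.trim() |> String.downcase() |> String.starts_with?(@prefix)
      end)

    %{allowed: allowed, rejected: rejected}
  end
end

# Constructed sample users: a tagged moderator, a tagged non-staff user,
# and an admin without any moderation tag.
users = [
  %{nickname: "erica", is_admin: false, is_moderator: true, tags: ["moderation_tag:report-triage"]},
  %{nickname: "tagged_only", is_admin: false, is_moderator: false, tags: ["moderation_tag:report-triage"]},
  %{nickname: "untagged_admin", is_admin: true, is_moderator: false, tags: []}
]

for u <- users, group <- [:reports, :non_public_messages] do
  IO.puts("#{u.nickname} #{group}: #{ModerationTagSketch.privileged?(u, group)}")
end

IO.inspect(ModerationTagSketch.split_requested_tags(["sandbox", "Moderation_Tag:report-triage"]))
```

Only the tagged moderator passes the `:reports` check; the non-staff user holding the tag and the admin without it are both denied, which is the behaviour a test suite for this change would want to pin down.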