fine grained moderation privileges

Ilja requested to merge ilja/pleroma:fine_grained_moderation_privileges into develop

Supersedes !3652 (closed)
Pleroma-fe part: pleroma-fe!1583 (merged)
Admin-fe part: admin-fe!285 (closed)

The idea is to set what privileges a certain role (admin/moderator) has.

That way admins can decide what they allow their moderators (and also admins) and what not. E.g. some admins may want their moderators to be able to delete users, others may not want that. Some admins may want to be able to read chats and non-public messages (which is currently possible through admin-fe), others may not want that (although they obviously still can through the database if they have server access, but not everyone with the admin role is necessarily a system admin with server access).

In a later stage, we could introduce custom roles other than "Admin" and "Moderator", but custom roles are out of scope for this MR.

  • Move endpoints from !3578 (merged)
  • Remove rest from !3578 (merged)
  • Move endpoints from !3480 (merged)
  • Remove rest from !3480 (merged)
  • Check other pure-admin endpoints if they should also be added under a privilege
  • Go through the rest of the code to see if other things need to be restricted that super_users now have/can
    • User.superuser?
      • report notifications deletion when the tag is removed (instead of when not a super user any more)
      • others? `grep -R 'superuser?' ./lib`, `grep -R 'superuser?' ./test`
    • User.all_superusers
      • getting report notifications
      • others? `grep -R 'all_superusers' ./lib`, `grep -R 'all_superusers' ./test`
        • I kept it for nodeinfo because this is showing all staff members. Fetching everyone with a role is correct here.
    • Showing deactivated field !3644 (closed)
    • Provide user's roles and privileges to fe so it can hide/show options based on privileges
    • Does nodeinfo/instance_view need info on what roles there are and what they can do?
      • I added it to nodeinfo, but not to instance_view. I'm not sure what the difference between the two should be, but nodeinfo shows the staff, instance_view does not. Roles seem related to that, so this felt more consistent.
  • Better/more consistent naming for the tags
  • Extra checks
    • Non-public posts that are reported should still be viewable with the report. Check that someone who can view reports, but not statuses, can still see the reported statuses.
    • Deleting other people's posts in pleroma-fe should only be possible with correct privilege
    • Check live (now I tested mostly with unit tests)
  • Make either issue or MR for Pleroma-fe
  • Make either issue or MR for Admin-fe
  • Docs/Changelog/etc.
  • Check if pleroma-fe#1198 can/should be fixed here
    • It looks too non-trivial to add as part of this MR. I added a comment in the issue for it

If you think there are things I'm forgetting here, pls let me know.

Edited by Sean King
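
The role-to-privilege idea described above, including the "can view reports but not statuses" check from the list, sketched as an added example; it is not code from this MR or from Pleroma. The module, function and privilege names and the sample policy are hypothetical.

```elixir
# Added illustration: all names below are hypothetical, not Pleroma's own
# modules, configuration keys or privilege tags.
defmodule PrivilegeSketch do
  # Constructed sample policy: the privileges each role grants on this instance.
  @role_privileges %{
    admin: MapSet.new([:users_delete, :messages_read, :reports_manage]),
    moderator: MapSet.new([:reports_manage])
  }

  # A user's effective privileges are the union over every role they hold.
  def privileges(%{roles: roles}) do
    Enum.reduce(roles, MapSet.new(), fn role, acc ->
      MapSet.union(acc, Map.get(@role_privileges, role, MapSet.new()))
    end)
  end

  def privileged?(user, privilege), do: MapSet.member?(privileges(user), privilege)

  # Endpoint guard: test the privilege, never "is this user an admin/moderator?".
  def authorize(user, privilege) do
    if privileged?(user, privilege), do: :ok, else: {:error, :forbidden}
  end

  # Staff visibility of a status (author/recipient access is out of scope here).
  def can_view_status?(_user, %{visibility: :public}, _reports), do: true

  def can_view_status?(user, status, reports) do
    # Non-public: either the general read privilege, or the status is attached
    # to a report and the user may handle reports.
    privileged?(user, :messages_read) or
      (privileged?(user, :reports_manage) and
         Enum.any?(reports, fn report -> status.id in report.status_ids end))
  end
end

# Constructed sample data.
moderator = %{roles: [:moderator]}
reported = %{id: 1, visibility: :private}
unreported = %{id: 2, visibility: :private}
reports = [%{id: 10, status_ids: [1]}]

IO.inspect(PrivilegeSketch.authorize(moderator, :users_delete), label: "delete user")
IO.inspect(PrivilegeSketch.can_view_status?(moderator, reported, reports), label: "reported")
IO.inspect(PrivilegeSketch.can_view_status?(moderator, unreported, reports), label: "unreported")
```
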