Page MenuHomeMusing Studio

Support silencing accounts
Closed, ResolvedPublic

Description

Overview

Admins should be able to disable access to an account. This should:

  • Make the user's blogs and posts inaccessible to the world
  • Prevent the user from creating new posts or blogs
  • Still allow the to log in, so they can e.g. export their data
  • Update the user count via Write.as Teams API

A suspended user shouldn't count towards an instance's count of active users. So: reflect this in NodeInfo and the count sent to Write.as Teams API.

Implementation

When an admin suspends another user, we should insert into the userattributes table:

  • user_id = {suspended user's ID}
  • attribute = 'suspended'
  • value = '1'

Now, on the viewing side:

  • Make the user's blogs and posts inaccessible to the world

In collection viewing handlers -- via web, API, and ActivityPub -- do this:

SELECT 1 FROM userattributes WHERE user_id = {collection.ownerID} AND attribute = 'suspended' AND value = '1'

(NOTE: See existing funcs in database.go for how we create a helper func for this.) If that returns a row, return a 404 for the collection / collection post.

  • Prevent the user from creating new posts or blogs

When publishing or updating posts, again check if the user is suspended, as above, and return a 403 Forbidden if they are.

  • Still allow the to log in, so they can e.g. export their data

(No additional development needed here.)

Event Timeline

matt updated the task description. (Show Details)

Another thing to note: suspended users shouldn't show up in the Reader view.

For activity pub related endpoints, should it just be:

  • outbox
  • inbox
  • following
  • followers

Right, those are all of them. And they only need to return the 404 status, not any other data.

matt renamed this task from Support disabling accounts to Support silencing accounts.Nov 11 2019, 5:06 PM

As discussed in #174, this is now the "silence" admin feature. See that PR for remaining items needed to resolve this.

Remaining work:

  • Total posts count shouldn't included suspended users' posts
In T661#11877, @matt wrote:

Remaining work:

  • Total posts count shouldn't included suspended users' posts

This will be addressed in T915: Don't include suspended users in total user count.