Page MenuHomeMusing Studio
Create Task
Maniphest T661

Support silencing accounts
Closed, ResolvedPublic
Actions

Description

Overview

Admins should be able to disable access to an account. This should:

  • Make the user's blogs and posts inaccessible to the world
  • Prevent the user from creating new posts or blogs
  • Still allow the to log in, so they can e.g. export their data
  • Update the user count via Write.as Teams API

A suspended user shouldn't count towards an instance's count of active users. So: reflect this in NodeInfo and the count sent to Write.as Teams API.

Implementation

When an admin suspends another user, we should insert into the userattributes table:

  • user_id = {suspended user's ID}
  • attribute = 'suspended'
  • value = '1'

Now, on the viewing side:

  • Make the user's blogs and posts inaccessible to the world

In collection viewing handlers -- via web, API, and ActivityPub -- do this:

SELECT 1 FROM userattributes WHERE user_id = {collection.ownerID} AND attribute = 'suspended' AND value = '1'

(NOTE: See existing funcs in database.go for how we create a helper func for this.) If that returns a row, return a 404 for the collection / collection post.

  • Prevent the user from creating new posts or blogs

When publishing or updating posts, again check if the user is suspended, as above, and return a 403 Forbidden if they are.

  • Still allow the to log in, so they can e.g. export their data

(No additional development needed here.)

Revisions and Commits

rWF WriteFreely
rWF859702f3e7a5 Merge pull request #210 from writeas/rename-account-suspend
rWF7023b74d12da Update calls and vars for Invites and elsewhere
rWF252d59d3f75a Merge pull request #208 from writeas/silence-invites
rWF8cfffb565053 Disable form items on Invite page when silenced
rWF5644e8d2516f Fix "silenced" alert styles on more pages
rWF7f96e8c38421 Rename UserSuspended to UserSilenced
rWFc3f76a3ab840 Change "suspend" to "silence" where user-facing
rWFf7550a0da8f6 Change more suspension check logic
rWF619b10c3e5f4 Fix "suspended" message location on Drafts
rWF280c32afdce4 Confirm suspension before submitting the form
rWFda7dcfee6aff Move admin template IsSuspended logic into method

Related Objects
Search...

StatusAssignedTask
 OpenNoneT538 Admin interface
 OpenNoneT553 User management
 ResolvedrobjlorangerT661 Support silencing accounts

Event Timeline

matt created this task.Jun 28 2019, 1:28 PM
matt moved this task from Backlog to Next Release on the WriteFreely board.Jul 2 2019, 2:35 PM
matt assigned this task to robjloranger.Aug 27 2019, 3:37 PM
matt updated the task description. (Show Details)
matt added a comment.Aug 27 2019, 7:06 PM

Another thing to note: suspended users shouldn't show up in the Reader view.

robjloranger added a comment.Aug 28 2019, 6:44 PM

For activity pub related endpoints, should it just be:

  • outbox
  • inbox
  • following
  • followers
matt added a comment.Aug 28 2019, 7:08 PM

Right, those are all of them. And they only need to return the 404 status, not any other data.

matt mentioned this in rWF9873fc443fca: Merge branch 'develop' into T661-disable-accounts.Oct 24 2019, 5:44 PM
matt added a commit: rWFda7dcfee6aff: Move admin template IsSuspended logic into method.Nov 7 2019, 8:50 AM
matt added a commit: rWF280c32afdce4: Confirm suspension before submitting the form.
matt added a commit: rWF619b10c3e5f4: Fix "suspended" message location on Drafts.
matt added a commit: rWFf7550a0da8f6: Change more suspension check logic.Nov 11 2019, 3:42 PM
matt added a commit: rWFc3f76a3ab840: Change "suspend" to "silence" where user-facing.
matt added a commit: rWF7f96e8c38421: Rename UserSuspended to UserSilenced.
matt added a commit: rWF5644e8d2516f: Fix "silenced" alert styles on more pages.
matt mentioned this in rWF53586d9cb825: Merge branch 'develop' into T661-disable-accounts.Nov 11 2019, 4:46 PM
matt renamed this task from Support disabling accounts to Support silencing accounts.Nov 11 2019, 5:06 PM

As discussed in #174, this is now the "silence" admin feature. See that PR for remaining items needed to resolve this.

GitHub <noreply@github.com> mentioned this in rWFbca678aee5a5: Merge pull request #174 from writeas/T661-disable-accounts.Nov 11 2019, 5:08 PM
matt added a commit: rWF8cfffb565053: Disable form items on Invite page when silenced.Feb 9 2020, 3:52 PM
GitHub <noreply@github.com> added a commit: rWF252d59d3f75a: Merge pull request #208 from writeas/silence-invites.Feb 9 2020, 4:02 PM
matt added a commit: rWF7023b74d12da: Update calls and vars for Invites and elsewhere.Feb 9 2020, 4:25 PM
GitHub <noreply@github.com> added a commit: rWF859702f3e7a5: Merge pull request #210 from writeas/rename-account-suspend.Feb 9 2020, 4:40 PM
matt added a comment.Feb 15 2020, 5:20 PM

Remaining work:

  • Total posts count shouldn't included suspended users' posts
matt added a project: Abuse Prevention.Feb 15 2020, 5:22 PM
matt mentioned this in T553: User management.Feb 15 2020, 5:25 PM
matt moved this task from Backlog to Moderation on the Abuse Prevention board.Mar 30 2021, 6:09 PM
matt closed this task as Resolved.Sep 17 2024, 6:38 PM
matt mentioned this in T915: Don't include suspended users in total user count.
In T661#11877, @matt wrote:

Remaining work:

  • Total posts count shouldn't included suspended users' posts

This will be addressed in T915: Don't include suspended users in total user count.

musing studio · developers