Add account suspension features #174
Conversation
This renders all requests for that user's posts, collections and related ActivityPub endpoints with 404 responses. While suspended, users may not create or edit posts or collections. User status is listed in the admin user page Admin view of user details shows status and now has a button to activate or suspend a user.
ghost
requested a review
from 
There was a problem hiding this comment.
Looking pretty good overall -- just combed through everything, reading only. One major design change I'd suggest is creating something like an integer status column in the users table, instead of the boolean suspended column. That'll allow us to add other user states in the future without any database changes.
I'd look at the collVisibility type for prior art: https://github.com/writeas/writefreely/blob/3759f16ed3ff30bf1bb4277b4d8ef7f15bcfc043/collections.go#L117-L128
Of course, e.g. UserActive should be the 0 / default state, and then right now we'd just have UserSuspended as the second potential state.
|
Also resolved merge conflicts with |
- update error messages to be correct - move suspended message into template and include for other pages - check suspended status on all relevant pages and show message if logged in user is suspended. - fix possible nil pointer error - remove changes to db schema files - add version comment to migration - add UserStatus type with UserActive and UserSuspended - change database table to use status column instead of suspended - update toggle suspended handler to be toggle status in prep for possible future inclusion of further user statuses
also fix logic bug in posts.go viewCollectionPost checking the page owner
This adds a User.IsSuspended() method and uses it when displaying the user's status on admin pages, instead of doing a magic number check. This should also help in the future, in case this logic ever changes. Ref T661
The link here is a little redundant, and might make people think that it actually changes the status by clicking on it.
This also includes a bit of explanation about what suspending a user actually does. Ref T661
Previously it was above the header. Ref T661
From u.Status == UserSuspended to u.IsSuspended() Ref T661
This puts the verbiage more in line with what the feature does, and leaves room for other moderation controls in the future. NOTE: this includes no backend refactoring, which may be confusing. We should rename things to fit ASAP. Ref T661
Some of the work needed to have the backend match user-facing wording. Ref T661
- Tagged posts - Collection index Ref T661
|
Made a few changes to the language, including renaming this function from Suspending a user to Silencing them. This more closely fits the function, leaves room for other kinds of moderation controls, and fits expectations admins should have with other platforms. Since I'm going to be merging this relatively soon in order to get the release wrapped up, I'm going to note that this is experimental, and solicit bug reports and user feedback. Some work still to do:
|
This renders all requests for that user's posts, collections and related
ActivityPub endpoints with 404 responses.
While suspended, users may not create or edit posts or collections. A 403
is returned to the authenticated user.
User status is listed in the admin user page
Admin view of user details shows status and has a button to activate or
suspend a user.
Resolves T661.