visibility checks around reported content #8

New Issue

Open

opened 2022-07-13 15:27:29 +00:00 by Johann150 · 1 comment

Johann150 commented

2022-07-13 15:27:29 +00:00

Owner

Currently, admins and moderators might not be able to see reported content properly because the visibility checks are not adjusted to this. For example:

User 1 creates a followers only note. User 2 reports that note. User 3 (a moderator) sees the report but can not see the content of the note because the visibility checks forbey them from doing so.

A solution would be to embed the note in the reports UI and only there enact different visibility checks which allows admins & moderators to see the note.

In many cases it should be possible to determine moderator action based on the note alone. However, in some cases it might be necessary to get more context from notes that have been replied to. Therefore, admins (and only admins, not moderators) should also be able to go to a page of a note and view the content, even if as a normal user they would not be able to see the content. This should be done after informing them about the fact that they are now using administrator privileges to view the content. Such notes should also not normally be shown on timelines, user profiles, in replies to another note etc.; only if the adminstrator explicitly visits a page about the note.

Since this might potentially be revealing DMs, it seems a good idea to only allow administrators to have this privilege, and not moderators.

Currently, admins and moderators might not be able to see reported content properly because the visibility checks are not adjusted to this. For example: User 1 creates a followers only note. User 2 reports that note. User 3 (a moderator) sees the report but can not see the content of the note because the visibility checks forbey them from doing so. A solution would be to embed the note in the reports UI and *only there* enact different visibility checks which allows admins & moderators to see the note. In many cases it should be possible to determine moderator action based on the note alone. However, in some cases it might be necessary to get more context from notes that have been replied to. Therefore, admins (and only admins, **not** moderators) should also be able to go to a page of a note and view the content, even if as a normal user they would not be able to see the content. This should be done after informing them about the fact that they are now using administrator privileges to view the content. Such notes should also not normally be shown on timelines, user profiles, in replies to another note etc.; only if the adminstrator *explicitly* visits a page about the note. Since this might potentially be revealing DMs, it seems a good idea to only allow administrators to have this privilege, and not moderators.

👍 1

Johann150 added this to the (deleted) project 2022-07-13 15:27:29 +00:00

toast commented

2022-07-13 18:12:24 +00:00

Owner

I think this can be two sub-tasks.
First, embedding the note in the report (the 80+% solution for 20% of the effort).
Then, afterwards, bypassing everything (e.g via button in the report panel that can also be reused?) for admins.

I think this can be two sub-tasks. First, embedding the note in the report (the 80+% solution for 20% of the effort). Then, afterwards, bypassing everything (e.g via button in the report panel that can also be reused?) for admins.

Johann150 added a new dependency 2022-07-19 19:37:08 +00:00

#14 hide metadata of private notes

Johann150 added the

feature

label 2022-12-23 10:14:26 +00:00

Johann150 removed this from the (deleted) project 2022-12-23 10:14:29 +00:00