lemmy icon indicating copy to clipboard operation
lemmy copied to clipboard

Published 20 hours ago verified publisher icon LemmyNet

Roles & fine-grained permissions

Open TKilFree opened this issue 1 year ago • 1 comments

Requirements

  • [X] Is this a feature request? For questions or discussions use https://lemmy.ml/c/lemmy_support
  • [X] Did you check to see if this issue already exists?
  • [X] Is this only a feature request? Do not put multiple feature requests in one issue.
  • [X] Is this a backend issue? Use the lemmy-ui repo for UI / frontend issues.

Is your proposal related to a problem?

  • https://github.com/LemmyNet/lemmy/issues/2976 currently has to be solved by allowing every admin the right to delete pretty much all content on an instance, which is not ideal;
  • It's currently not possible to delegate certain admin functions to users (e.g. the ability to accept registrations) without also giving the users the ability to cause a lot of damage.

Describe the solution you'd like.

Design

There's a lot of changes in this PR, but the actually important changes are:

  • adding a site_role table which has: an id, a name and a bunch of boolean permission flags for each individual admin operation (e.g. ban_person, purge_comment, etc.)
    • the actual specific flags I've added here are probably wrong and need a fair bit of finessing
  • removing the admin column from person
  • added site_role_id column to person
  • added two columns to local_site:
    • top_admin_role_id this references a role in site_role and represents the super-admin role, i.e. it has all permissions
    • default_site_role_id this references a role in site_role and represents a regular non-admin, i.e. it has no permissions
  • on migrating, we create two site_roles which represent admins and non-admins and ensure any existing user with the admin flag gets assigned the admin role
  • wherever we were previously checking admin, we now check for a specific site permission

With these changes, we end up with a system that's functionally identical to the current one, just with a different underlying mechanism.

Enabled Features

It's fairly easy to imagine a UI letting anyone with the configure_roles permission add and modify these roles and then assign them to users on their instance. This would potentially go some way to lightening the administrative burden of running an instance, since functions like approving registrations (or even global community moderation) can be delegated to somewhat-but-not-completely-trusted users.

This role/permission system could potentially be extended to communities and mods as well, so specific moderation functions become specific permissions. Roles could be defined at the community level, or at the instance level?

For even further extension, this role/permission system could generically replace bans/mutes. If posting to communities/viewing communities became permissions, then a 'Banned' role could be created which isn't allowed to do these things and banning a user then becomes a matter of assigning them to a specific role.

Describe alternatives you've considered.

n/a

Additional context

Note: copied from https://github.com/LemmyNet/lemmy/pull/3303

TKilFree avatar Jun 27 '23 11:06 TKilFree

I would like to extend this to roles for more people. For example, I would like a role that would allow people to upload gifs or videos. Or a role that would allow people to embed images. It would allow admins to better control their communities based on accumulated trust of their base, and help prevent things like trolling via NSFW/NSFL/CSAM uploads.

db0 avatar Mar 24 '24 16:03 db0