spreed icon indicating copy to clipboard operation
spreed copied to clipboard

Published 20 hours ago verified publisher icon nextcloud

⛔ Banning users and guests - Overview

Open nickvergessen opened this issue 9 months ago • 5 comments

How to use GitHub

  • Please use the 👍 reaction to show that you are interested into the same feature.
  • Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
  • Subscribe to receive notifications on status change and new comments.

Overview

  1. We need an option to prevent guests from rejoining a call/chat/conversation when the moderator removed them #1423
  2. Similarly there should be an option to block "logged in" users from rejoining open conversations when the moderator removed them.

For 1. we will use an IP based approach, 2. can be solved by recording actor type+id, additionally we will log the moderator performing the ban, a timestamp and allow providing a text note.

Blocking a participant will not allow them to join the conversation. It is okay to be still shown in search results?

Tickets

  • [ ] API https://github.com/nextcloud/spreed/issues/12292
    • [x] Contract https://github.com/nextcloud/spreed/pull/12259
  • [ ] Frontend https://github.com/nextcloud/spreed/issues/12293
  • [ ] iOS https://github.com/nextcloud/talk-ios/issues/1650
  • [ ] Android https://github.com/nextcloud/talk-android/issues/3898

nickvergessen avatar May 07 '24 07:05 nickvergessen

It is okay to be still shown in search results?

If there is a possibilty to unban person, I'd say yes. Then we can mark them in search results as banned (with a reason e.t.c) and on click perform both: unban + invite. Otherwise it would complicate things to navigate to another tab/list/ whatever we come up with, find needed person, unban it from there, and only then add to a conversation

Antreesy avatar May 07 '24 15:05 Antreesy

For 1. we will use an IP based approach, 2. can be solved by recording actor type+id, additionally we will log the moderator performing the ban, a timestamp and allow providing a text note.

What if, a logged-in user gets blocked from an open conversation and then join the conversation as a guest? Shouldn't 1 and 2. be solved both with IP based approach ?

DorraJaouad avatar May 08 '24 08:05 DorraJaouad

Shouldn't 1 and 2. be solved both with IP based approach ?

Might be a special case, we can have IP block in optional addition when the conversation is public, but since multiple people could be on the same connection (offices, etc.) we need to be able to block individuals instead of IPs.

It is okay to be still shown in search results?

If there is a possibilty to unban person, I'd say yes. Then we can mark them in search results as banned (with a reason e.t.c) and on click perform both: unban + invite. Otherwise it would complicate things to navigate to another tab/list/ whatever we come up with, find needed person, unban it from there, and only then add to a conversation

I think you misunderstood. I was referring to list the room e.g. in open conversations for the blocked user, similarly the name of a conversation the user got blocked from is not "private" I would say.

Of course we need the option to unban attendees/IPs. But this can be burried in the moderation settings of the conversation

nickvergessen avatar May 08 '24 09:05 nickvergessen

How are we naming that feature user-facing (e.g. when showing it in the conversation settings to list all bans)?

  • Banned actors -> I think we don't have actor user-facing right now. Could also sound weird when translated
  • Banned users ?
  • Banned users and guests ?
  • Banned participants?

Edit: Also do we use the word "Unban" to remove a ban? Or do we go with something like "Remove ban"? I could image that "Unban" might be tricky to translate.

SystemKeeper avatar May 12 '24 10:05 SystemKeeper

Copying from https://github.com/nextcloud/spreed/issues/12292#issuecomment-2106201684

  • RequireModeratorParticipant is also true for 1:1 conversations. Do we allow blocking in 1:1 ?

No, banning is not supported in one-to-one

  • Does internalNote has a maximum length we need to enforce?

Let's say 4k?

  • We do have the information actorType and actorId about the person that did add the ban. Should we also include the actorDisplayname? Otherwise we can only show the actorId to the user, which might be weird (e.g. LDAP). Same probably for the banned participant in case we can determine a displayname?

That makes sense

  • Do we allow to directly ban an IP? According to the contract, this would be possible by specifying ip as actorType. Since we don't know the IP of any of the participants, I am not sure this is correct? https://github.com/nextcloud/spreed/blob/3cda633a5f019c0f47a88bfc12b6e90e49ec5bee/lib/Controller/BanController.php#L36

That's right, I never thought about this. The plan was to allow banning an IP. But yeah we don't have a record of the guests IP atm so we need to think a bit more about it.

nickvergessen avatar May 13 '24 08:05 nickvergessen

  • We do have the information actorType and actorId about the person that did add the ban. Should we also include the actorDisplayname? Otherwise we can only show the actorId to the user, which might be weird (e.g. LDAP). Same probably for the banned participant in case we can determine a displayname?

That makes sense

^ Just want to bring that up again, as it seems we don't have a displayname for the banned actor. Also CC @skalidindi53

SystemKeeper avatar Jul 16 '24 06:07 SystemKeeper

  • I just added the displayname in https://github.com/nextcloud/spreed/pull/12735

nickvergessen avatar Jul 16 '24 07:07 nickvergessen