swentel
Permissions for posting to ActivityPub
The ability to post should be permission-based. Permissions similar to (modeled on) those for posting or editing content by type.
- On install, assign sensible perms based on existing post perms. E.g. if role
editorhascreate article contentand ActivityPub is enabled forarticlecontent type, assigneditorpost article content to activitypub.
I wonder if this is not redundant: as soon as you opt in the fediverse with #1, then anything that is configured as an activitypub thing automatically does what it is intented for.
There's also more than posting: follow, block, reply and many other type of actions in the fediverse world.
I have the feeling I'm with @swentel on this one; at least as far as it goes in terms of 'Create', 'Update', 'Delete' and such Activities. They are activity stream notifications about objects that the user has the permission to create in Drupal (mappings like comment -> Note, page node -> Page, new node -> Article) for the object.
I could see a permission to remove activities that were created.
Then, yes, there is the rest of the Activity Types https://www.w3.org/TR/activitystreams-vocabulary/#activity-types I feel that there would need to be a way of making permissions for them, but how they would work requires thinking through (maybe just as they, if they, are implemented). My immediate thought jumps to creating an Invite for example. You may well want to restrict who could do that, but maybe it should be tied to the code that generates in Drupal, which won't be the base ActivityPub implementation, as it would be related to some event module.
