Details
-
Type:
Improvement
-
Status:
Resolved
-
Priority:
Normal
-
Resolution: Fixed
-
Version/s: Einstein release
-
Labels:
Description
At least one sub forum should allow users to post, even with 0 credit. IIRC, we chose the "Getting started" forum for that. Does that still work? If not, it needs fixing.
Issue Links
- relates to
-
DBOINCP-85 Spam protection: minimum credit required to post
-
Activity
Users with zero-credits may create new posts in the forum 'Getting Started'- or any other forum we chose.
Ideally that forum could be configured here, below the minimum credit setting.
It should be said that your bullet points 1-4 are largely alternatives from which we should pick one. I for one am in favor of 1, I think, as I don't want to put additional strain on the moderators. The reCAPTCHA could be added when the need arises.
One question to think about: It is a good idea to allow these new users to post in a forum, but not also comment in the same forum? I worry about a situation where someone asks for help, and more information is needed. If they cannot post comments they may not be able to follow up.
In order to be a little more clear, I will try to outline the options available and their consequences, such that we can "choose between different checkboxes". Imagine each number is a checkbox we can enable independently. And the sub-bullet points are the results.
- Allow new users with zero-credits to post in a single forum.
- User will be able to add new posts to a forum. Presumably we will only allow for one: 'Getting Started'.
- Allow new users with zero-credits to post comments.
- This allows users to comment on 'nodes' that are node forums: on our Web site this will be the News pages. These comments are moderated: they start unpublished and someone has to unhide them.
- Allow new users with zero-comments to post comments AND post comments in a single forum.
- (I lied a bit, this option is a subset of the option above). This allows users to comment on News items and a forum. Presumably we will only allow for 'Getting Started'. Again these comments start as unpublished and someone has to unhide them.
- There is currently no Drupal option to allow a user to comment only in a forum of our choice but not comment on News items (other nodes). This is something that we could presumably develop if we desire to have this functionality.
- This allows users to comment on forums. Presumably we will only allow for the forum 'Getting Started'. Again these comments start as unpublished and someone has to unhide them.
- Create a new rule: if a user with zero-credits posts a comment, the Web site emails the moderator mailing list.
- This is easy to implement. In fact it could be enabled independently of the permissions above. The rule will just not be triggered because no zero-credit user can post a comment!
I hope this helps clarify what our options are. All these above (except #4) are already available in the admin interface, just not in one place. You can find admin permissions in /admin/content/forum and user permissions in /admin/user/permissions. A combination of the checkboxes will do what we want. Lastly, I believe we can export the permissions into the discussion_forum and boinc_standard Features for deployment.
Hm, I'm slightly confused. Maybe that's due to my ignorance to differentiate between post and comment? I've always assumed that being allowed to post a new topic in a forum includes the permission to post a comment in that forum (on any topic) as well. Isn't that the case?
Anyhow, this is what I'd prefer: a user with zero credit should be allowed to post new topics in a forum of our choice, say "Getting started", and be be allowed to comment on any topic in that forum as well - without any further moderation (that's reCAPTCHA-only, until we notice that's a problem). No other forum interaction should be allowed, incl. posting on news topics.
Did I miss anything there?
I've always assumed that being allowed to post a new topic in a forum includes the permission to post a comment in that forum (on any topic) as well. Isn't that the case?
This would make the most logical sense: but we're using Drupal so we can discount such logic. Instead post and comments comments are separate entities: posts are nodes while comments are just comments. Permissions are not granted on a post-by-post basis.
Anyhow, this is what I'd prefer: a user with zero credit should be allowed to post new topics in a forum of our choice, say "Getting started", and be be allowed to comment on any topic in that forum as well - without any further moderation (that's reCAPTCHA-only, until we notice that's a problem). No other forum interaction should be allowed, incl. posting on news topics.
Now, your preference is my preference too: because it's the logical thing to do. It's just not feasible without some programming. Should we go about doing this?
I'd say that "not feasible without some programming" doesn't make it generally infeasible. Can you estimate the effort and do you consider it worthwhile?
I'd say that "not feasible without some programming" doesn't make it generally infeasible. Can you estimate the effort and do you consider it worthwhile?
Time: Probably not that long- we would try to us the exiting Drupal ACL framework to create our own permission. Something similar to 'only comment on own forum posts'. Unfortunately I go on holiday next week so it won't be done soon. As oppose to simply changing the existing admin options for permissions, obviously that could be implemented right away.
As for worth: I would say this is an existing BOINC-feature we are lacking. Again, I'll start thinking about this and work on it in earnest after the holiday.
I think we can afford to wait until then. Take your well-deserved time off and try to not think about work - in earnest
Thanks!
I've made the code changes on my development Web site do the following:
- New users, role='community member', may post new forum topics in the 'Getting Started' forum.
- role='community member' may post comments in the forum topic that they started, but not add comments to other forum posts.
- Additionally, role='community member' may not post comments in other parts of the Web site, such as content type=News.
Some of this is done through code changes to the forum_access module. The site-wide permissions are also modified, which is controlled by the discussion_forum Feature.
However, there are some parts of the implementation that are not controlled by Features and not part of the code-base. This involves the admin manually changing the ACL permissions in the forums. However, I can write some instructions here when the time comes.
Update: GitHub PR 2626 created which will add the new code.
Could you also add a conditional reCAPTCHA to the comment form for that user group? If credit doens't protect from spammers, a captcha needs to.
I updated the PR with code to put the CAPTCHA into the comment form, as well as the post new (forum) topic form, but only for users who are 'community members' and not 'verified contributors', i.e., users who do not have the minimum credit requirements.
Just another late thought to confirm that hook_nodeapi is not an option to allow permissions only in a certain forum (but this is just a general thought, as it seems questionable to blanket allow community members to post topics, when in all but one case we don't want them to).
Deployment: Now that Tristan has merged the code, here is the deployment instructions for einstein.
- Merge in the code case
- Revert the discussion_forum feature: {{drush fr discussion_forum}
- In the Drupal admin interfaces, make the following changes
- Admin -> Content management -> Forums
- "Help Desk" - edit container
- In column 'See this container...', select 'community member'.
- Admin -> Content management -> Forums
- "Getting Started" - edit forum
- In column 'Post in this forum', select 'community member'. This should already be selected.
- In column 'Comment on posts', deselect 'community member'.
- Update the permissions: in batches of 20. This should be the default.
- Click Save
At this point, new 'community member' users will be able to post in 'Getting Started', and comment on their own posts.
On albert, there is no 'Getting Started' Forum. Deployment is simply merging the code and then reverting the discussion_forum Feature. By default, the 'community member' role can't do anything in albert's forums. This could be changed if we desire.
Update: Edited comment to use correct verb: the Feature is to be reverted not updated.
Are you sure you want me to update the discussion_forum feature instead of reverting it? Update means I change its code, not deploy its code changes that I presumably merged the step before.
OTOH, the feature isn't overridden so reverting it shouldn't do anything, yet updating also doesn't seem useful...
First, yes I meant to write reverting the Feature (to the state in the code). I will update my comment above.
Second, I a surprised that the Feature isn't overridden when you merge the codebase.
Third, Is this PR deployed yet? If it is, I could take a look in Admin -> User -> Permissions, to check if the new permissions have been set correctly.
I took a look on ablert, and the over user permissions, /admin/user/permissions, are correctly set. If there was a 'Getting Started' forum on albert, we would go to /admin/content/forum, and set the the community member role to allow posting/commenting in individual forums.
Thus, I would go ahead and deploy this feature on einstein.
Done!
There was also nothing to revert on einstein so I changed the permissions manually:
- Help Desk: See this container -> yes
- Getting Started:
- Post in this forum: was already selected
- Comment on posts -> no
Hopefully those guys will still be able to comment on their own posts
Thanks
There was also nothing to revert on einstein so I changed the permissions manually
That is really strange since you can see in the code changes for the PR, the discussion_forum Feature. I wonder why this did not work as expected.
I'll go about testing this and report back.
I tested this on einstein with a new user, zero credits. I could only post in the Getting Started forum. I could only comment in posts I created. Both actions required re-CAPTCHA.
Meeting summary 2018-07-12: The current status (Answer to Oliver's question) is that new users with zero credits may not post in any forums.
A quick word on Drupal roles: new users are given roles 'authenticated user' and 'community member' when the login. After earning one credit, Drupal gives them role 'verified contributor', which allows forum posting, comments, etc.
It would be easy and quick to change the permissions of the Web site to allow new users with zero credits, aka users with the community member role only, access to one forum. The resulting behavior would be as follows.
I raised a concern about SPAM-ers creating account and flooding the forums. One idea Oliver presented is: if this gets out of hand, we find a way to implement the reCAPTCHA model when users post new forum content, but only for the users with zero-credits.
Lastly, we should obviously tell our E@H Moderators about any policy changes regarding this so they are prepared for new users, some of whom may be SPAM-ers, posting in forums and making comments.
Update: I've changed the category of this ticket from Question to Improvement.