Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Give moderators access to edit channels #4608

Merged
merged 17 commits into from Dec 13, 2021
Merged

Give moderators access to edit channels #4608

merged 17 commits into from Dec 13, 2021

Conversation

kontrollanten
Copy link
Contributor

@kontrollanten kontrollanten commented Dec 6, 2021
edited

Description

Gives moderators access to edit another users video channel. A moderator won't be able to update an admins channel.

Related issues

closes #4598

Has this been tested?

  • 🙋 yes

Screenshots

image

@kontrollanten
Copy link
Contributor Author

@Chocobozzz My second test fails due to

  1) Test video channels
       Should have another acccounts video channel updated:
     Error: expected 200 "OK", got 404 "Not Found"
      at buildRequest (shared/extra-utils/requests/requests.ts:175:35)
      at makeGetRequest (shared/extra-utils/requests/requests.ts:39:10)
      at ChannelsCommand.getRequest (shared/extra-utils/shared/abstract-command.ts:83:26)
      at ChannelsCommand.getRequestBody (shared/extra-utils/shared/abstract-command.ts:57:31)
      at ChannelsCommand.get (shared/extra-utils/videos/channels-command.ts:110:17)
      at Context.<anonymous> (server/tests/api/videos/video-channels.ts:242:42)

It seems like the update doesn't get synced to the second server. Do you know what I'm doing wrong here?

@kontrollanten
Copy link
Contributor Author

Thanks. Do you have any comments on the questions in the PR description?

@Chocobozzz
Copy link
Owner

It seems like the update doesn't get synced to the second server. Do you know what I'm doing wrong here?

You need the complete handle and upload a video in the channel so server 2 knows it. I added the commit that fixes tests.

Should we display this Manage channel button, or should we add a dropdown like the account page?

I think the manage button is okay

Should we send a notification and email to the channel owner? I think that would be a great idea.

IMHO I don't think a notification could be interesting for users. It can be confusing to receive a notification that an admin updated one of your channels. I mean, why an admin updated my channel? For what purpose?
I think that most of the time, as an admin, you'll update channels of users for a specific need that should be communicated to the user (by email for example).
But I may miss a use case, so as an admin why do you need this feature?

In the future I think also moderators should be able to edit channels, but that was a bit tricky to solve so I skipped it for now.

I think you can just replace REMOVE_ANY_VIDEO_CHANNEL by MANAGE_VIDEO_CHANNELS. Why is this tricky?

@kontrollanten
Copy link
Contributor Author

Should we send a notification and email to the channel owner? I think that would be a great idea.

IMHO I don't think a notification could be interesting for users. It can be confusing to receive a notification that an admin updated one of your channels. I mean, why an admin updated my channel? For what purpose? I think that most of the time, as an admin, you'll update channels of users for a specific need that should be communicated to the user (by email for example). But I may miss a use case, so as an admin why do you need this feature?

That's my use case as well. The notification idea came from @andrew712-1 (#4598 (comment)) and I thought it may be good to be transparent. But on the other hand I think as a user you don't expect to get a notification if an admin is changing anything in your channel. Since we don't send notifications for similar admin actions I think we can skip it.

In the future I think also moderators should be able to edit channels, but that was a bit tricky to solve so I skipped it for now.

I think you can just replace REMOVE_ANY_VIDEO_CHANNEL by MANAGE_VIDEO_CHANNELS. Why is this tricky?

I don't remember by heart, I just didn't manage to get the role permissions to work when I tried, but I'll try again.

@kontrollanten
fix(server): delete another users channel
416a7f4 
Since the channel owner isn't necessary the auth user we need to check
the right account whether it's the last video or not.
@kontrollanten
REMOVE_ANY_VIDEO_CHANNEL > MANAGE_ANY_VIDEO_CHANNEL
5e7d46e 
Merge REMOVE_ANY_VIDEO_CHANNEL and MANY_VIDEO_CHANNELS to
MANAGE_ANY_VIDEO_CHANNEL.
@kontrollanten
user-right: moderator can't manage admins channel
2c627c1
@kontrollanten kontrollanten changed the title WIP: Give admins access to edit all channels Give admins access to edit all channels Dec 9, 2021
@kontrollanten kontrollanten changed the title Give admins access to edit all channels Give moderators access to edit channels Dec 9, 2021
@kontrollanten
Copy link
Contributor Author

The tricky part was how to handle when a moderator tries to update an admins channel. I found the following code and made same logic here.

PeerTube/server/middlewares/validators/users.ts

Lines 516 to 519 in c4c0c31

return res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: 'A moderator can only manager users.'
})

Chocobozzz
Chocobozzz reviewed Dec 10, 2021
View reviewed changes
client/src/app/+video-channels/video-channel-edit/video-channel-update.component.ts Outdated Show resolved Hide resolved
client/src/app/+my-library/+my-video-channels/my-video-channels-routing.module.ts Show resolved Hide resolved
client/src/app/+video-channels/video-channel-edit/video-channel-create.component.ts Outdated Show resolved Hide resolved
client/src/app/+video-channels/video-channels-routing.module.ts Outdated Show resolved Hide resolved
client/src/app/+video-channels/video-channels-routing.module.ts Outdated Show resolved Hide resolved
server/middlewares/user-right.ts Outdated Show resolved Hide resolved
server/middlewares/user-right.ts Outdated Show resolved Hide resolved
server/middlewares/user-right.ts Outdated Show resolved Hide resolved
server/middlewares/user-right.ts Outdated Show resolved Hide resolved
server/middlewares/validators/videos/video-channels.ts
@@ -151,31 +149,8 @@ export {

// ---------------------------------------------------------------------------

function checkUserCanDeleteVideoChannel (user: MUser, videoChannel: MChannelAccountDefault, res: express.Response) {
if (videoChannel.Actor.isOwned() === false) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this if should be used to check all routes except /:nameWithHost/followers

You could put this part in a dedicated middleware, and call it in controllers

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we really use this check on regular GET routes?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's middleware called localVideoChannelValidator but it returns a 404 if the video channel isn't found on the local server. It's only used by activity pub routes, should I move that middleware to validators/activitypub/video-channel.ts and then create a new middleware in validators/videos/video-channel.ts?

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I'll remove localVideoChannelValidator
Thanks!

@Chocobozzz Chocobozzz merged commit a37e9e7 into Chocobozzz:develop Dec 13, 2021
@Chocobozzz
Copy link
Owner

Chocobozzz commented Dec 13, 2021
edited

Thanks!

@kontrollanten kontrollanten deleted the feat-4596-edit-channel branch December 13, 2021 14:33
kontrollanten added a commit to kontrollanten/PeerTube that referenced this pull request Jan 15, 2022
@kontrollanten @Chocobozzz
Give moderators access to edit channels (Chocobozzz#4608)
defe4b8 
* give admins access to edit all channels

closes Chocobozzz#4598

* test(channels): +admin update another users channel

* Fix tests

* fix(server): delete another users channel

Since the channel owner isn't necessary the auth user we need to check
the right account whether it's the last video or not.

* REMOVE_ANY_VIDEO_CHANNEL > MANAGE_ANY_VIDEO_CHANNEL

Merge REMOVE_ANY_VIDEO_CHANNEL and MANY_VIDEO_CHANNELS to
MANAGE_ANY_VIDEO_CHANNEL.

* user-right: moderator can't manage admins channel

* client: MyVideoChannelCreateComponent > VideoChannelCreateComponent

* client: MyVideoChannelEdit > VideoChannelEdit

* Revert "user-right: moderator can't manage admins channel"

This reverts commit 2c627c1.

* server: clean dupl validator functionality

* fix ensureUserCanManageChannel usage

It's not async anymore.

* server: merge channel validator middleares

ensureAuthUserOwnsChannelValidator & ensureUserCanManageChannel gets
merged into one middleware.

* client(VideoChannelEdit): redirect to prev route

* fix(VideoChannels): handle anon users

* client: new routes for create/update channel

* Refactor channel validators

Co-authored-by: Chocobozzz <me@florianbigard.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Chocobozzz Chocobozzz Awaiting requested review from Chocobozzz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Give admins access to edit channels
2 participants
@kontrollanten @Chocobozzz