Add permission for Reset Comment/Avatar #4196
Conversation
Krzmbrzl
added
the
acl
|
If there are moderators on your server who should be able to remove comments then it is better to be bound to "move". Btw this only works if the permission is set in the root channel. A moderator can't do much with move, but anyone with "register users" is able to see all user information, including IP address and certificate AND is able to remove oder rename all existing user registrations via Server -> Userlist. |
|
Sorry for the use of force pushes, I was struggling trying to do the commit squashing. @Natenom Currently the Move permission has a lot of utility for my server, it's very convenient for a few privileged users to be able to do. The server doesn't have a large amount of users, 20 people maximum, so I allowed self-registration for everybody and so far there hasn't been issue. No one has needed to be registered by another user. I don't think my situation is unique either, browsing through some of the publicly listed servers shows a low population. |
|
I think it's really silly that Mumble reuses the same ACLs for different purposes in the first place. Imo there should be a distinct ACL for every distinct action you want to be controlled. But I guess that's something for the rewrite ^^ I think there's the need for some discussion before merging this PR. See my comment in #1016 EDIT: Btw. force-pushing is no problem for PRs (in fact it's almost always necessary and we do it all the time) :) |
There was a problem hiding this comment.
I agree with @streaps that ultimately this should be a separate ACL. Do you think you can implement that?
This would require adding the new ACL as a new flag, modifying the server to use the new ACL (as you did with this PR) and modifying the client's ACLEditor UI to also include this new ACL.
|
Yes I can attempt this, I will try to submit the new commits within the week. What would be the best way to submit this? My original PR was a small change so putting it all into one commit made sense but this will require many more changes, should it still be submitted as a singular commit? TODO list mostly for myself of files that will need to be changed.
While digging I also found an issue and PR that are related, #3861 and #2421 respectively. The PR is from 4 years ago but it seems to be a good place to start, and thankfully includes this guidance. |
|
Awesome! I think you can pretty much cherry-pick the commits from that PR and then we can pick off from where they left: Thinking about what to do with backwards compat. My suggestion would be to simply check the server's version via mumble/src/mumble/MainWindow.cpp Line 2017 in 39c81de And in that if-block we can add the new permissions to the ACL window as this means that the server is running 1.4.0 or newer. And I'd simply leave the old Move-permission alone. On old servers it'll function as this hybrid permission and on newer version it'll work as one should expect And about the commits: Don't worry for now. Let's just implement this and once it's done we'll have a look at what changes could be grouped together and based on that we can squash commits :) |
|
This means if I connect to an 1.3 server I get the current behaviour of 1.3? I like that, it's easy to understand and has no weird side effects on upgrade. |
That'd be the idea, yes. It should appear as if nothing had changed
Except for folks that are used to use the move privilege also being responsible for comment resetting being confused why that doesn't work anymore. But this should be pretty self-explanatory once they see that there are separate ACLs for that now |
Krzmbrzl
changed the title
|
I implemented the backward compatibility check via |
There was a problem hiding this comment.
After having fixed everything, please squash all changes into the single commit you already have. After that run ./scripts/updatetranslations.sh in order to include the new strings in Mumble's translation process.
And in regards to your commit message:
- There's a typo: "...to reset another users comment or avatar..." should be "...to reset another user's comment or avatar..." (note the apostrophe)
- "On these older servers, granting the Move permission in the root channel grants both of these new permissions." - technically that's not true and might cause confusion. I'd go with something like "On older servers the Move permission in the root channel was also used for allowing or denying comment and avatar changes."
|
Oh and btw.: #3861 is not addressed by this PR as this is another issue. The user there didn't request for an ACL that allows to reset comments but rather an ACL that prevents users without it to set comments in the first place. |
|
I also just remembered something else: We currently have duplication of where the ACLs are defined. They are also in Lines 143 to 172 in 50aea07 And thus this also has to be updated |
|
Thanks for spotting these many mistakes @Krzmbrzl, I should stop editing after a certain time in the night |
|
I didn't realize that there are now two new ACLs. I thought the proposal was to add one ACL for resetting Text and Avatar. This is getting way to fine-grained (IMHO). What is the use-case for that? |
I think it's better to have both, it's more explicit for the administrator, ACL is occasionally regarded as being complicated already. As for the use-case, I have a some ideas for my own server that will place more importance on avatars than comments. There's also already this kind of fine-grained control already in the ACL system, in the form of the traverse vs enter permissions. I don't think the ACL being fine-grained is bad either, it's the kind of thing an administrator typically desires. The only problem I can imagine for the user is making the UI a bit more cramped but it's only 2 extra rows in the permission list. |
|
But it doesn't stop there. Now we have the situation that in some PR it was decided ad-hoc that ACL should be as fine grained as possible. Now others have other needs and want to split up other permissions too. With how many permissions will we users have to deal with (an admin is also a user and not every admin is comfortable in juggling endless permissions). This super-fine granularity is inconsistent with the permissions we have now. It's also affects other Mumble clients, servers and remote management apps. So why don't we have a separate permission for: I also would like to see a "Write ACL" permission for every single permission. Write "Write" ACL I think that would be really useful for some use cases. ;) You wrote you have some ideas, but you didn't describe your use case and why exactly you think one new permission is not enough. |
I originally added 2 new permissions instead of one in this PR because as mentioned by @mkrautz in #2421
However if you feel this strongly that it should be only one permission and others agree then it can be modified to only be one permission. @Krzmbrzl did make a comment suggesting to use the ban permission, so perhaps it could even be reduced back to 0 new permissions? My primary concern is getting this functionality out of the move permission. You mentioned being able to change others avatars/comments, however as mentioned by @bontibon in the original issue for adding a method to remove avatars comments #1218 :
As such I didn't ask it about, it would only complicate what this PR is trying to do, which as stated is to get this functionality out of the move permission. However, perhaps you can implement a PR doing this so it can be discussed? Opinions may have changed over time :) I'm confused about what you mean by having "Write ACL" for every permission? As for my own ideas, one of them was to replace the icon to the left of the users username with a scaled down version of their avatar, I didn't go into them because I didn't think it's important and I've done shockingly little work on it so far :) |
|
I see, my ironic rambling is too confusing. My point is: there should be a good reason to introduce a new permission or make changes. I think there is agreement, that the comment/avatar reset should not be linked to the Move permission. It could be under the Kick or Ban permission, which both are global permissions too. It could also be a new permission (I forgot why I thought it is a good idea to have an own permission for it). I just don't see why we need two new permissions. The original idea was that it should be possible to remove problematic avatars, like it was already possible to remove problematic comments. I cannot come up with a scenario where it would be useful to give a moderator the ability to remove comments but not avatars (or the other way around).It also could be called Reset User Profile (or something similar). |
|
I think using separate permissions for separate actions is the way to go. I already dislike that some permissions are used for other stuff as this is very counter-intuitive and also a mess for maintenance as you get all sorts of side-effects when granting/denying permission X. In regards to users getting confused, I think this is then a flaw of the UI. Right now the way ACLs are presented to the user is quite messy (also the way they are implemented but that's another issue) and definitely needs some workup at some point. However the problem is not that there are too many permissions (imo). |
If that means that a permission for reset avatar and reset comment is needed than that would imply that we should split everything up into a hundred permissions. changing my own comment is an action, changing my own avatar is an action. Then there are passive actions: receiving text, receiving audio, receiving the user list, receiving the channel list, ... Adding super-fine-grained permissions in this case – just because it would be better in the first place – would be some half-assed solution without a bigger plan. I'm not against fine-grained permissions on the atomic level in general, but it would need a different and better admin UI. Now it only adds complexity without any real value. Nobody needs to configure avatar and comment reset separately. Did anybody ask for it, because it's essential for their setup? Please don't add unnecessary cruft to the UI. |
I agree (as written above).
I think 2 more rows should be manageable. It's not like this PR adds 200 new permissions. The fact that the UI has not been overhauled yet, shouldn't mean that we can't start improving stuff somewhere else already. That'd totally break the development flow. |
|
That being said though, in the end I don't really care whether it ends up being 1 permission or 2. I think either works though from a purely conceptual point of view I'd prefer 2 |
|
Suggestions have been committed and then squashed as requested, thank you for all of the help @Krzmbrzl :) |
alexscorer
changed the title
|
Am I mentioned because I'm such a grinch I agree with @streaps in two things:
So for a compromise: For the new UI, i imagine a system like this: |
|
In principle I think the proposed compromise sounds good, however it'd involve a bit of special case handling in the UI code and I think it's not really worth the additional work. Let's go with a single permission for both and call it @alexscorer sorry that we didn't have this discussion earlier, but I think it shouldn't be a lot of work to squash the 2 new commits into a single one. Could you do that, please? EDIT:
Haha no. I mentioned you because you are very active on GitHub (and thus likely to answer in time) and also not shy of expressing your opinion ;) |
This commit introduces a new permission, ResetUserContent, to grant the ability to reset another user's comment or avatar. It also includes a check in the ACL editor window. If the server version is less than 1.4.0 then don't show the new permission in the ACL checkbox list as the server won't respond to it. On older servers the Move permission in the root channel was also used for allowing or denying comment and avatar changes.
|
I'll confess, I went with the easier method that @Krzmbrzl proposed rather than try to make a new "umbrella" permission, although it sounded better. Sorry @toby63 but perhaps it's something I or someone else can try to implement later :) |
alexscorer
changed the title
|
Thank you very much for your contribution! :) |
Currently if a user has a "move" permission, they can also reset the comment or avatar of another user as describe in issue #1016. I stumbled into this by accident when I gave a user the move permission to help get new users into the right channels with their friends.
After reviewing the content found in PR #1223 which introduced the reset avatar feature, I found the code that allowed a user to do these resets and changed the required permission from Move to RegisterUser as suggested by @bontibon in the issue thread. As they state, this permission makes more sense than the move permission.
After compiling I found no issues and the changes worked as expected. The one caveat is that if the server has these changes implemented and not the client, (seems daft but this is preferable for me so I don't have to ask my users to change anything) it makes the permissions required to do the reset be move AND registeruser. The client will expect the user to have Move permission and the server will expect the RegisterUser permission, hence then requiring both.
Fixes #1016