Create "Moderator" level User and corresponding permissions

[di]

Currently on PyPI, we have two types of users:

• regular users
• administrators (for which User.is_superuser is true)
• (There is also a field User.is_staff but I believe it's unused).

It'd be great to add an intermediate level of user, "Moderator", which has the ability to do the following:

• view all the existing /admin views (but read-only)
• set upload limits
• add classifiers
• etc

The "Moderator" user should not be able to:

• change emails (including verified or active status)
• delete projects
• nuke users

(cc @99)

[dstufft]

The User.is_staff field comes from when I was attempting to port Warehouse to Django, and I do believe it is entirely unused.

One thing that might also be useful (although could come at a later time too!) is the ability to do things like request a delete of a project (or a nuke of a user etc), and then have the admins be able to deny or approve that request. That allows them to structurally make recommendations to the admins, and the admins to still have the final say. It also allows us to provide a path towards moderators becoming admins (if they desire) since we can easily look and go "hey, every time this person makes a recommendation we end up following up, maybe we just want to promote them".

[di]

Agreed. I think the steps to address this, roughly broken up by PRs, would be:

• Add a new field/migration to the User model, as well as corresponding UI in /admin for administrators to toggle this flag for users;
• Add ACLs for various /admin POST endpoints, as well as conditionals in the HTML templates to hide actions that are not enabled for moderators, and to make fields not appear editable;
• Add back these actions as "request/recommendation" actions that get raised to administrators. This could piggyback on the system we use for User report mechanism for projects that damage other packages, don't adhere to guidelines, or are malicious #3896.

[dstufft]

Yea, that seems like a great path forward.

[crwilcox]

I am going to start working on this. I have the first part complete (add new field and migration as well as adding is_moderator as settable in admin UIs) https://github.com/pypa/warehouse/pull/5249/files

[crwilcox]

@di @dstufft I am moving on to Add ACLs for various /admin POST endpoints, as well as conditionals in the HTML templates to hide actions that are not enabled for moderators, and to make fields not appear editable;

Do you have a starting list of activities you would like to allow moderators to do? For instance, should moderators be able to mark other users as having a verified email?

[di]

@crwilcox See the issue body:

view all the existing /admin views (but read-only)
set upload limits
add classifiers

[di]

#5249 is merged, we can now set users as moderators.

@jamadden @yeraydiazdiaz Would you like to be moderators?

[yeraydiazdiaz]

That’s a yes for me, thanks ☺️

[crwilcox]

@theacodes volunteered if you want additional moderators.

[pradyunsg]

I volunteer too, if you need more eyes and hands on deck. :)

[jamadden]

Yes, please. And thank you.

[jamadden]

@ewdurbin I got your Slack invite, thank you. Would it be possible to switch it to the alternate address for my PyPI account?

[ewdurbin]

absolutely. will do.

[di]

Hey, we have moderators now! Closing this.