Missing control for permission user.edit in the admin

[clarkwinkelmann]

The permission user.edit which control which groups can edit a user is supported in Flarum and can be set via the API. However it is not present on the Permission page of the admin panel.

[franzliedke]

@clarkwinkelmann Can you clarify what use-case you are targeting in making this configurable? I quickly chatted to Toby and he agreed that this might have been intentional (i.e. because it's such an obvious admin-only feature).

Even if there are a few use-cases, maybe it's better to leave this to extensions, to prevent standard Flarum installs from making it too easy to accidentally give this permission to someone else (especially as there is no explanatory text detailing what exactly this allows).

@flarum/core Any opinions?

[tankerkiller125]

I could see this being handy to some corporations, I have seen forums where the corporations handle the overall operations of the forum (keeping it online, extensions, themes, etc.) but chooses to allow their most trusted members to moderate often with little contact with the actual company. This could result in offensive usernames taking longer than reasonable to get changed by the actual admins of the forums.

Another possibility along the same lines is some corporations have their IT department and only their IT department handle operations and overall administration of forums, but the IT department does not handle actual content moderation and is only contacted for moderation issues for extreme issues. Instead moderation is often the job of a dedicated team or the support staff who are given the full role to do pretty much anything in regards to use accounts, discussions and post.

As far as use with general communities I will admit I don't see much a use case, but from a business side of things I certainly can see use case. Notably working in IT if the company I worked for setup a public forum for customers I would not want to be bothered with name changes or other moderation related task when I have more important things to deal with.

Something we may also want to do is create a hover over explanation for possible all the permissions. This may resolve the issue regarding an admin not knowing exactly what the permission does.

[franzliedke]

@tankerkiller125 Thanks for your input! The way I read it, it feels almost like an argument for not having this in core. If 95% of our users don't need this, then this feels like extension territory?

[tankerkiller125]

@franzliedke I agree this may actually be in the extension territory considering that it may not be needed by everyone. Maybe we should run a poll or something on the Flarum discussions page and see what general forum administrators not on github think?

[clarkwinkelmann]

My thoughts on this are:

• Core already adds the "feature" itself (the policy). Only the control is missing
• The control doesn't add any complexity or new logic, it just needs to be added to the list of permissions in the admin panel

Because of this, I think the effort to add the control in core will be far more time-effective than having to explain to people why it's not in core and how an extension would go to add the single missing entry on the permissions page.

The use case was as someone wrote on the forum, you might want to give Mods the ability to edit users without giving them access to the whole admin panel.

[luceos]

Agreeing with @clarkwinkelmann ; let's merge the related PR for beta 10.

[franzliedke]

The use case was as someone wrote on the forum, you might want to give Mods the ability to edit users without giving them access to the whole admin panel.

That's convincing enough, so I agree.

[rusprice]

This was my problem by the way, I agree that the people in higher ranking should not have to deal with moderation, I want to give my moderators this permission to change user names, and give roles. We give users a discord “badge” (as we like to call it) when they join the discord. So I need the moderators to do this as well.

[clarkwinkelmann]

I think giving roles is still an admin-only feature at this point.

Problem is, role-givers can currently give any role, so letting non-admins handle roles lets them upgrade themselves to admin, bypassing any other permission they might have.

If you'd like to discuss the "add role" permission, please open a new Feature discussion on Discuss so we can discuss if it can be realistically implemented in Flarum.

A special-purpose extension to add that badge only might make more sense in order to not let mods handle more than they are supposed to.