Needs and benefits
For large Forgejo instances, managing user roles is a highly relevant feature. For example, it would be great to allow people to "moderate" on Codeberg, but potentially limit the impact that moderators can do.
This matter is also relevant for the Forgejo-in-German-schools project, see forgejo/discussions#71 for details. There is likely human power / funding available to get this started, but it is important to draft a concept so that the work can be accepted upstream. I recommend that the chance is taken to get work in this domain "sponsored".
The specific need for this project is:
- there are admins with full admin rights
- there are school-admins with limited admin rights (probably "moderators" who can add and lock users etc, but not toggle any "dangerous" instance-wide settings)
- different roles that allow creating repos and organizations (i. e. disallow certain users to create organizations)
- in the context of the project it is okay to have a backend interface to get user roles, it is likely okay to maintain a soft-fork for certain logic like "if userRole is foo, then do not display bar" in templates or in functions
For Codeberg and potentially other public community-maintained instances it will likely be good to have a moderator role that can perform certain actions, but is also not able to behave destructive towards the instance.
It could also be used to build a reputation system, e.g. automatically give users a more trusted role after being member for a while or performing certain steps, and limiting access to expensive features (code search, CI, more storage etc) for new users.
Feature Description
I'd like to discuss a strategy to implement a backend and coordinate the development between Forgejo and potential developers of the Forgejo-BW project.
I have the following strategies in mind:
Super simple:
- the per-user key/value setting table receives a "role" setting per user
- the role is represented by a string
- the user API is allowed to set / get the field per user (during creation and update)
- an internal function is added to query the role per user
Ideally, there is:
- an instance-wide list of roles available for internal use, and the settings are validated against this
- a dropdown in the user list allows selecting from the available roles
- this could be realized like this:
- there is a pre-defined list of roles like "admin", "moderator", "user", "guest" in Forgejo with pre-defined access roles
- a setting alike "CUSTOM_ROLES" allows a comma-separated list of (either additional or overriding) roles that can be selected
- adding a custom role there means that it receives "normal" user rights by default and custom patches in a soft fork must make use of the role
Fully-featured:
- roles become an integral part of Forgejo
- a table tracks the relation between users and their roles
- there is a way to define exact permissions per role, e.g.
- role "moderator" can view, lock and delete repos, but not view user details
- role "support" can view repos but not modify / delete, but can view user details
- a list of important permissions is implemented and checked, and can be extended step-by-step later
Semi-flexible:
- another inspiration could be the permission system used by the Matrix messenger for example
- user accounts receive a permission level as value between 0 and 100 (or a different scale if desired)
- permission checks can be implemented to require permissions of at least (>=) the necessary value
- permissions do not necessarily need to be named, but it should be easy to allow instance admins to define a list of aliases (e.g. >= 20 is "moderator")
- the system appears to have a good "effort/benefit" ratio, but it explicitly does not support the use case with different roles for user support and moderation as described above
- we should probably gather more feedback on how well it works for Matrix, but additional upsides are that changing the role model later usually does not require "migrating" the permissions, because it is simply a threshold that can be compared against; it feels rather simple but could be too limited for certain use cases
Screenshots
No response
### Needs and benefits
For large Forgejo instances, managing user roles is a highly relevant feature. For example, it would be great to allow people to "moderate" on Codeberg, but potentially limit the impact that moderators can do.
This matter is also relevant for the Forgejo-in-German-schools project, see https://codeberg.org/forgejo/discussions/issues/71 for details. There is likely human power / funding available to get this started, but it is important to draft a concept so that the work can be accepted upstream. I recommend that the chance is taken to get work in this domain "sponsored".
The specific need for this project is:
- there are admins with full admin rights
- there are school-admins with limited admin rights (probably "moderators" who can add and lock users etc, but not toggle any "dangerous" instance-wide settings)
- different roles that allow creating repos and organizations (i. e. disallow certain users to create organizations)
- in the context of the project it is okay to have a backend interface to get user roles, it is likely okay to maintain a soft-fork for certain logic like "if userRole is foo, then do not display bar" in templates or in functions
For Codeberg and potentially other public community-maintained instances it will likely be good to have a moderator role that can perform certain actions, but is also not able to behave destructive towards the instance.
It could also be used to build a reputation system, e.g. automatically give users a more trusted role after being member for a while or performing certain steps, and limiting access to expensive features (code search, CI, more storage etc) for new users.
### Feature Description
I'd like to discuss a strategy to implement a backend and coordinate the development between Forgejo and potential developers of the Forgejo-BW project.
I have the following strategies in mind:
**Super simple:**
- the [per-user key/value setting table](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/models/user/setting.go) receives a "role" setting per user
- the role is represented by a string
- the user API is allowed to set / get the field per user (during creation and update)
- an internal function is added to query the role per user
Ideally, there is:
- an instance-wide list of roles available for internal use, and the settings are validated against this
- a dropdown in the user list allows selecting from the available roles
- this could be realized like this:
- there is a pre-defined list of roles like "admin", "moderator", "user", "guest" in Forgejo with pre-defined access roles
- a setting alike "CUSTOM_ROLES" allows a comma-separated list of (either additional or overriding) roles that can be selected
- adding a custom role there means that it receives "normal" user rights by default and custom patches in a soft fork must make use of the role
**Fully-featured:**
- roles become an integral part of Forgejo
- a table tracks the relation between users and their roles
- there is a way to define exact permissions per role, e.g.
- role "moderator" can view, lock and delete repos, but not view user details
- role "support" can view repos but not modify / delete, but can view user details
- a list of important permissions is implemented and checked, and can be extended step-by-step later
**Semi-flexible:**
- another inspiration could be the permission system used by the Matrix messenger for example
- user accounts receive a permission level as value between 0 and 100 (or a different scale if desired)
- permission checks can be implemented to require permissions of at least (>=) the necessary value
- permissions do not necessarily need to be named, but it should be easy to allow instance admins to define a list of aliases (e.g. >= 20 is "moderator")
- the system appears to have a good "effort/benefit" ratio, but it explicitly does not support the use case with different roles for user support and moderation as described above
- we should probably gather more feedback on how well it works for Matrix, but additional upsides are that changing the role model later usually does not require "migrating" the permissions, because it is simply a threshold that can be compared against; it feels rather simple but could be too limited for certain use cases
### Screenshots
_No response_