Versions Compared

Version Old Version 24 New Version 25
Changes made by

Martin Kraft (Deactivated)

Dennis Kittrell (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Status:

Status
colourYellow
title50%

OVERVIEW

This specification outlines how to achieve the “channel moderation” feature in Mattermost. Channel moderation provides system administrators with toggles to disable members and/or guest of a given channel from performing the following:

...

For example, say the higher-scoped scheme removes the “Archive Channels” permission (technically the delete_public_channel and delete_private_channel permissions). That permission is not configurable on the channel scheme given the current UI, so the system admin would not expect that permission to remain present for all channel that have moderation enabled, in spite of the fact that the permissions architecture would leave it present on the channel scheme by default. So we must have code that removes that permission from the channel scheme for all affected channels.[vvv TBD vvv]

Since there is no “inheritance” as such between schemes, all channel-scoped permissions that are not modified by the channel moderation UI are updated on the channel scheme upon each change to the higher-scoped scheme.

Channel-scoped permissions are the only type of permissions that can be used by channel schemes, thus they’re the only permissions modifiable by channel moderation settings, and the only permissions that must be updated per changes to the higher-scoped scheme.

Question for dev: Instead of keeping the non-channel-moderated channel-scoped permissions synchronized between the higher-scoped scheme and the channel schemes could we change the core way the permissions system works to use the channel scheme for a set of permissions and the higher-scoped scheme for the rest?

The following actions trigger synchronization of permissions from high-scoped schemes to channel schemes:

...

  • add a channel-scoped permission to a team scheme (if it has an associated team)

  • remove a channel-scoped permissions from a team scheme (if it has an associated team)

  • add a team to a team scheme

  • remove a team from a team scheme

  • delete a team scheme

  • create a team scheme (if it has an associated team)

...


Permissions

New permission:

...

create_post_public
create_post_ephemeral
delete_post/delete_others_posts (exposed in schemes UI)
edit_post/edit_others_posts (exposed in schemes UI)
manage_channel_roles
manage_public_channel_properties/manage_private_channel_properties (exposed in schemes UI)
delete_public_channel/delete_private_channel (exposed in schemes UI)
read_channel
remove_others_reactions
upload_file

The permissions marked with (exposed in schemes) UI are the ones that when changed will

Question for PM: Do we need to expose create_post and use_channel_mentions in the system and team schemes UI?

Schema

No schema changes.

REST API

...