Are there any plans to add more groups?
Not only admin/user but something in between? I'm especially interested in read-only users.
It can be useful when the chat is open to everyone. I ask because recently there was a case when a new user started to write abusive messages. It was required to set access to invitation-only for a while.
@FoggyFinder we have a few things in flight for that.
One is a "web-public archive" feature, which makes it possible to have certain streams readable by anyone on the Internet without creating an account.
The second is a "report spam" feature, which makes it easy to quarantine accounts of people who are sending abusive messages.
Would some combination of these solve the problem you're looking to solve? In that case, we can close this issue (if you search our issues you'll find those two; I'm just mostly AFK right now so can't look them up quickly).
Would some combination of these solve the problem you're looking to solve?
Sadly, no. Disabling the user does not solve the problem - a new account is created and the attack is repeated.
Well, the web-public archive will do what you need for people who are that persistent. But the concept behind "report spam" is that the first 1-2 people who see the abuse click it and the user's abuse is stopped (and any message they have sent hidden) so that the impact is slow. The hope is that will help with less persistent attackers of that form (we've had a few who've shown up to harass people in the chat.zulip.org community as well).
The one other setting that might be useful for anti-spam is blacklisting most "disposable email" type domains -- see that setting in the "organization permissions UI". That at least can increase the effort required to send abuse.
@timabbott how about semi-readonly streams? As in streams that only certain accounts (specific emails, user groups) can post in?
Also, how about user(-permission)-groups? Let a set group of users have permissions to perform some kind of action?
@gioragutt in master (for 1.9.0) we've added a feature that limits sending to a given stream to organization admins. The plan is to extend that to allow specifying a user group as well, though that won't be in 1.9.0.
We're trying to avoid building a completely generic "group permissions" system for now, since that entails a huge amount of subtle security model complexity, and it's not needed for most applications.