-
-
Notifications
You must be signed in to change notification settings - Fork 7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change account suspensions to be reversible by default #14726
Conversation
9b342f0
to
f9ad22d
Compare
b4b13ca
to
7f4a778
Compare
813767c
to
37034d9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly ok with this (except for the missing AP support and #14775 but those can be fixed in later PR) except for concerns about code being split from SuspendAccountService
into DeleteAccountService
(which is a good idea nevertheless):
SuspendAccountService
doesn't setsuspended_at
anymore, which seems counterintuitive and may not be fine with all callers- I believe some parts of the code are calling
SuspendAccountService
when they should really be callingDeleteAccountService
:lib/mastodon/domains_cli.rb
lib/mastodon/accounts_cli.rb
app/lib/activitypub/activity/delete.rb
app/models/form/account_batch.rb
return unless @options[:reserve_username] | ||
|
||
@account.silenced_at = nil | ||
@account.suspended_at = @options[:suspended_at] || Time.now.utc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm worried about SuspendService
not setting suspended_at
anymore… this basically requires the caller to mark the account as suspended. Maybe this is fine? I'm not sure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An issue I have run into before is I suspended someone and then I wanted to cancel it. I unsuspended quickly, but when the background job kicked in, it reset the account back to suspended. This is something I wanted to avoid.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wouldn't that still be an issue with the service removing stuff from TLs? And wouldn't that be fixed anyway by UnsuspendAccountService
nullifying the suspended_at
attribute?
37034d9
to
a4d6b00
Compare
a4d6b00
to
f9c5407
Compare
🦀 🦀 🦀 |
Fix #6954
Instead of instantly deleting all account-owned data when suspending, hide it in the API layer. Instead of returning a HTTP 410 error for accounts that have been suspended, return an empty account with a new attribute
suspended
. Add a "suspended" account view to the web UI. Do not immediately send Delete activities to other servers.This allows suspensions to be losslessly reversible, which helps with accidents, mistakes and appeals. It also allows providing the suspended user with a backup for GDPR compliance. Schedule real deletion after 30 days, while allowing admins to still override and speed up that process.
Federation-wise, this PR does not include any changes. This means that a locally suspended account continues to be visible on other servers like nothing happened for 30 days (but obviously cannot post or interact with anyone anymore). Federation support needs to be added in a future PR.
Extracted into separate PRs: