Allow sending Private Messages to Staff

pfaffman · December 4, 2017, 8:00pm

I have a client who wants to have people send a form with some information on it. No problem, just Compose a new pre-filled personal message via URL!

But this client also wants to disable private messages for at least most users, so that won’t work. (I tried )

One solution would be a site setting that would allow users to be able to send PMs to staff.

Perhaps I’m missing something, bu tI’m afraid the other solutions all require a plugin or some other app. (e.g., Canned replies works only for staff, right?)

codinghorror · December 5, 2017, 12:32am

Why does this form need to be in Discourse? Just create a Google Docs form or something.

pfaffman · December 5, 2017, 12:34am

Yeah. That was my idea too. Crazy guy just doesn’t want to leave Discourse.

I’ve got two clients right now who are itching to do everything in Discourse and not have WordPress/Drupal/Squarespace to handle other stuff.

codinghorror · December 5, 2017, 12:47am

Right but at the point when you’re contorting the system into a maybe a simple Google Docs form would be better?

angus · December 5, 2017, 1:14am

If I’m reading you right, you want to restrict the target of pms to staff only?

You could do this relatively easily in a standalone plugin. The plugin.rb would read:

# name: only-pms-to-staff
# about: You can only send pms to staff
# version: 0.1
# authors: pfaffman

after_initialize do
  add_to_class('guardian', :can_send_private_message?) do |target|
    target.is_a?(User) &&
    # User is authenticated
    authenticated? &&
    # Have to be a basic level at least
    @user.has_trust_level?(SiteSetting.min_trust_to_send_messages) &&
    # User disabled private message
    (is_staff? || target.user_option.allow_private_messages) &&
    # PMs are enabled
    (is_staff? || SiteSetting.enable_private_messages) &&
    # Can only send pms to staff
    target.staff?
  end
end

The original method is here.

See also: How do disable private messages between non staff users?

pfaffman · December 5, 2017, 7:42pm

Thanks, @angus!

Here’s what I ended up with. If I were better at understanding the distributed properties of and and or, I’d have moved target.staff? outside of those three expressions, but this seems to do what I wanted. My scant tests show that it allows sending to an admin and if you send to an admin and another user, it is denied.


after_initialize do
  add_to_class('guardian', :can_send_private_message?) do |target|
    target.is_a?(User) &&
      # User is authenticated
      authenticated? &&
      # Have to be a basic level at least
      (target.staff? || @user.has_trust_level?(SiteSetting.min_trust_to_send_messages)) &&
      # User disabled private message
      (target.staff? || is_staff? || target.user_option.allow_private_messages) &&
      # PMs are enabled
      (target.staff? || is_staff? || SiteSetting.enable_private_messages)
  end
end

it doesn’t quite meet my standards for posting to #plugins just yet, but if anyone stumbles here and wants to do this, here’s this:

angus · December 6, 2017, 1:26am

On the face of it, these changes allow:

Any user who has the min trust level to send a pm, to send a message to any other user who has not disabled pms, regardless of whether or not they are staff.

The issue is this line:

target.staff? || is_staff? || SiteSetting.enable_private_messages

The first alternative, i.e. target.staff?, is redundant, as the last alternative will always be true as long as pms are turned on.

The is_staff? check here is used to ensure that staff members can still perform an action even if that action is disabled (this is normal practice in the Discourse code). Keep those two as the only alternatives in that line, i.e.

(is_staff? || SiteSetting.enable_private_messages)

There was an issue with my initial code, as it didn’t allow staff members to send messages to non-staff members. The way to fix that is by adding the is_staff? check to that line specifically, i.e.

(is_staff? || target.staff)
Any user of any trust level to send a message to a staff member (e.g. immediately after joining).

The issue is this line:

(target.staff? || @user.has_trust_level?(SiteSetting.min_trust_to_send_messages))

This means that if the target is a staff member you don’t need the min trust level. Probably best to require the min trust level for all messages.
If a staff member has specifically dis-allowed pms to be sent to them, you will still be able to send pms to them.

The issue is this line:

(target.staff? || is_staff? || target.user_option.allow_private_messages)

Unless you want pms to reach staff members even if they have specifically disabled them, remove target.staff? from this check.

pfaffman · December 6, 2017, 1:37am

First, I really appreciate your help.

But that didn’t seem to be the case, when I tested. I even tested sending to a staff and a non-staff person in a single message and it was rejected.

target.staff? || is_staff? || SiteSetting.enable_private_messages

The way I read that, it’s

the receiver is staff OR
the sender is staff OR
private messages are enabled (and they’re not for this site, which is what I’m trying to solve)

And I (or this client) want everyone to be able to send to staff.

Hooray! That’s what I wanted! (Of course, it could prove to be a problem, but we can solve it when there is one) It’s good advice to change that to TL1, though. I made a note of that too.

Ah, that’s (but one of the reasons) why I don’t think anyone should use this. For this site, I’m sure that no staff will be disallowing PMs. I should probably fix this one. I added a comment to remind me to do so when I can “test” – not to be confused with writing a proper test! (Or maybe I want to make sure that a staff member who needs to receive these messages doesn’t inadvertently disable PMs – A documented bug is a feature!)

Thanks again, @angus! A couple more trivial plugins under my belt and I might do something useful!

angus · December 6, 2017, 2:03am

Ah, I had assumed you were going to keep the site setting on. That change in logic makes a bit more sense now

However, I think you may want to keep the site setting on and restrict pms just via the guardian though. If the site setting is off this will also:

Disable message-related elements in the UI, specifically the messages icon in the user menu will not appear and the private messages button will not appear in the user profile.
Prevent the user from taking the notify_user and notify_moderator post actions (see here). These post actions require private messages.

And there may be more instances of that setting being used to disable functionality in the future.

If I’m reading you right, your case is one of permissions, not one of functionality? You still want the functionality, just a restricted version of it.

edit: re-reading your first post, maybe you do want to disable the functionality entirely! Well at least we thought this through.

pfaffman · December 6, 2017, 4:12pm

This is how my naive solution is so lucky! The plan is to use a URL to generate the initial message, so not being able to see the PM interface is a bonus!

That’s pretty fine too, as this is basically doing the same thing as using a Google form would be. It’s mostly for a one-way initiation of a conversation. I should check what happens if someone replies to the PM, though.

Ah, yes. The Royal “We”. Thanks very much for your help. You’ve taught me a lot and I appreciate it.

Stephen · April 2, 2020, 3:49pm

Did you ever find a solution for this Jay?

Running into a similar problem that would be solved very neatly by preventing normal 1:1 PM’s. It’s a volunteer organisation and they need volunteers to communicate with coordinators, but ideally not amongst themselves.

pfaffman · April 2, 2020, 4:24pm

The plugin mentioned above (https://github.com/pfaffman/discourse-allow-pm-to-staff) works. I don’t make any promises, but the client who commissioned it still uses it, so it’s activtely maintained, and even has tests that are run on travis.

markersocial · July 22, 2020, 7:52pm

Thanks for sharing @pfaffman and @angus!

Did you get this working @Stephen?

I understand that this was provided free with no promises, which is really appreciated.

So just a heads up, it appears to not be working currently. Unless I’ve misconfigured something, the plugin is installed and enabled.

I’ve tested with ‘min trust to send messages’ set to 1, with a TL0 user attempting to PM a staff member. Also ‘min trust to send messages’ set to 2, with a TL1 user attempting to PM a staff member.

In both cases, the personal message button was hidden on the profiles of staff for the regular user account if their TL is below the ‘min trust to send messages’ setting. Receiving PMs is enabled in the target staff user’s settings also.

This is the case for me, for both 2.5.0 stable and 2.6.0.beta1 (tests-passed).

On stable I also tested manually composing a message from the /u/username/messages page and inputting the staff member as the receiver but the message was rejected on submission.

pfaffman · July 22, 2020, 9:26pm

Well, it seems to be working on my dev instance running 2.6.0.beta1 and also on a production instance at 2.5.0.beta4 and it’s still passing tests at travis.

My only guess is that it doesn’t work for multisite and you’re running multisite?

markersocial · July 23, 2020, 3:54am

That’s great to hear it’s working! Perhaps I’m missing something obvious. This wasn’t on multisites, just standard docker installs.

The steps taken where:

Install plugin from https://github.com/pfaffman/discourse-allow-pm-to-staff.git. I didn’t specifically enable this plugin or set any plugin specific options. The /admin/plugins shows ‘enabled?’ set to Y though.
Adjust ‘min trust to send messages’ and test with a regular user account that falls below this selected TL by attempting to message staff.
Tried removing all plugins except this on stable 2.5.0 in case there was some conflict, but didn’t make a difference.

markersocial · July 25, 2020, 10:07am

Figured out what was wrong

I didn’t customise/configure the Travis testing, so it seems to have prevented the plugin from working.

So I tried removing everything except the plugin.rb file and it started working for me. I modified the logic slightly for my use case also.

As it is currently, TL0+ can message an admin if their trust level falls below the ‘min trust to send messages’ configured, but they cannot message a moderator.

So to modify this, this section needs to be changed very slightly (appreciate the clear comments ):

# Have to be a basic level at least -- and now: OR SENDING TO ADMIN
(is_group || @user.has_trust_level?(SiteSetting.min_trust_to_send_messages) || notify_moderators || target.admin) &&

If you want to allow messaging to any staff member (who has not specifically disabled receiving personal messages), then change it to:

# Have to be a basic level at least -- and now: OR SENDING TO STAFF
(is_group || @user.has_trust_level?(SiteSetting.min_trust_to_send_messages) || notify_moderators || target.staff?) &&

If you want to enable messaging to mods only and not admins:

# Have to be a basic level at least -- and now: OR SENDING TO MODERATOR
(is_group || @user.has_trust_level?(SiteSetting.min_trust_to_send_messages) || notify_moderators || target.moderator) &&

Thanks again @pfaffman and @angus!

pfaffman · July 27, 2020, 4:29pm

That’s odd. I don’t know how that could be.