TL0 members can’t flag posts in public topics, but they can flag posts in PMs. However, the “something else” option doesn’t work as expected for TL0 members. (Discovered on our forum, Discourse 1.9.0.beta1 and confirmed on latest, Discourse 1.9.0.beta12.)
Steps to reproduce:
Send a message to a TL0 member.
TL0 member flags that post, chooses “something else” and writes an explanation.
Expectation:
The flag will appear like any other custom flag.
Actual outcome:
The flag is created, but the message is not sent, and no dialogue is created.
The two flags raised by SpareBear (TL0) show no message, even though one was entered, and there is no “Reply” button. The flag raised by SuperTed (TL2) functions as expected.
The reason for this behaviour was because TL0 users (with default settings) aren’t allowed to create private messages, and those “custom” flags are private messages to moderators. I fixed this by allowing TL0 users to send PMs to moderators. If any new users abuse this, the moderators have the power to deal with it, so I think this is low-risk.
That’s a pretty big structural change. How did this ever work before, since this is a new regression, and that loophole was not present to my knowledge since 2013?
My concern is that randos could sign up for infinite new accounts and grief the mods with no practical limit. We see it with the Korean bamwar folks, for example…
I am not 100% this did not exist forever, in the past you only got access to the flag dialog when you got to tl1and the only pm you had going was the welcome pm which was direct to moderators in many cases
I don’t recall any spam reports with the welcome PMs in the past, but I am not certain we could have had them
Yeah the idea is they can reply to any pm they get but they can’t send a pm at trust level 0. Still if we are now globally allowing tl0 flags everywhere that is not a good idea.
