Bug in TL0 message flagging

TL0 members can’t flag posts in public topics, but they can flag posts in PMs. However, the “something else” option doesn’t work as expected for TL0 members. (Discovered on our forum, Discourse 1.9.0.beta1 and confirmed on latest, Discourse 1.9.0.beta12.)

Steps to reproduce:

1. Send a message to a TL0 member.
2. TL0 member flags that post, chooses “something else” and writes an explanation.


The flag will appear like any other custom flag.

Actual outcome:

The flag is created, but the message is not sent, and no dialogue is created.

The two flags raised by SpareBear (TL0) show no message, even though one was entered, and there is no “Reply” button. The flag raised by SuperTed (TL2) functions as expected.


Is the TL0 member using the English language?
It seems there is a bug when the member and forum are not both in English.


Forum is English-language only, and the message was definitely in English.


@neil we should fix this


The reason for this behaviour was because TL0 users (with default settings) aren’t allowed to create private messages, and those “custom” flags are private messages to moderators. I fixed this by allowing TL0 users to send PMs to moderators. If any new users abuse this, the moderators have the power to deal with it, so I think this is low-risk.


This topic was automatically closed after 2 hours. New replies are no longer allowed.

That’s a pretty big structural change. How did this ever work before, since this is a new regression, and that loophole was not present to my knowledge since 2013?

My concern is that randos could sign up for infinite new accounts and grief the mods with no practical limit. We see it with the Korean bamwar folks, for example…


I am not 100% sure this did not exist forever. In the past you only got access to the flag dialog when you got to TL1, and the only PM you had going was the welcome PM, which was direct to moderators in many cases.

I don’t recall any spam reports with the welcome PMs in the past, but I am not certain we could have had them


Oh, that is right. Why are we allowing TL0 users to flag suddenly, @eviltrout @neil? That is the underlying issue.

I think discobot tries to teach flagging, so it was bypassed for that


They can flag private messages, which I think is a valid use case.


Yeah, the idea is they can reply to any PM they get, but they can’t send a PM at trust level 0. Still, if we are now globally allowing TL0 flags everywhere, that is not a good idea.

TL0 can only flag private messages others sent to them. They can’t flag anything else.