trust_0
trust_0
email in
I think staged users and email in just by-passes too many of the regular posting pipeline that it needs some serious review. It feels like an “add-on”.
Steps one and two are quite severe. Why would anyone do that?
That is, allow new users to start topics via email? This is radically far from a Discourse default.
Huh?
I thought #2 is default. New users start at Level 0.
approve_new_topics_unless_trust_level the minimum trust level to post without approval. Setting it to level 1 mean level 0 topics/posts require approval. This simply is a normal setting, not?
New users can always start new topics by email in. This is the default. The user will be created staged.
Can’t understand what you mean by severe…
You are saying you have configured your site such that brand new users can create topics via email, at will. This is not remotely a default. Why would anyone want this?
Isn’t that what email in is about?
Sort of, but I can’t imagine why you would let new users do that. Generally this is restricted to some categories and only trusted users.
Or if your site is invite only or paid membership, I guess.
Then what are staged users?
They are new users created via email in on some category, right?
That is intended for private groups, not public posts. Think support desk emails that get routed to a private group in Discourse. Guess what happens when you email team@discourse.org?
I can route them to a category, which is what it is doing here.
You can definitely route them to a public category, nothing stopping you in the system. For mine, I route them to private categories.
It is working great, except that some SPAMer’s keep sending in SPAM.
Now, those SPAMer’s will all be staged users created with the default user level of 0. In my forum, all my users start off at level 1 (invitation only, another setting). Therefore it stands without saying that level 0 users are all staged users via email in.
Now setting the approve_new_topics_unless_trust_level level to 1, which means that level 0 user posts need approval, we can get past the situation of those SPAM’s appearing on the category until they’re removed by moderators.
All of these features are standard in the system; I’m not using anything that is non-standard. If I can use this particular combo of system settings to satisfy my needs, then so much better for Discourse!
However, it seems that the system’s features set is not 100% orthogonal. Users created via other means (SSO, invitation, registration etc.) follow the approval checks for their posts. However, staged users created via email in by-pass the checks.
This is a bug if you ask me, or you would have called the setting approve new topics unless trust level (WARNING: doesn't work for staged users).
As to exactly WHY this combo of system settings work for me?
Currently I have restricted categories set up, one for each country/world region.
I point email in email addresses to them.
I publish those support email addresses. For example, a customer in Canada having a support question can email to canada@support.example.com and have their email appear as a topic in the Canada Questions category, where support technicians responsible for Canada has authority to reply.
This arrangement entirely solves the problem of using Discourse as a support ticket system.
And did I say? It is WORKING PERFECTLY GREAT!
Email spam should be handled upstream by your mail server.
Yup, I understand.
Doesn’t mean the approve_new_topics_unless_trust_level can fail to work when the user (and the topic) are created together via an email in though.
I’m saying this is a bug. You’re saying this is a feature because no sane person would want to use such a combo in settings.
Turns out that you have it in there afterall. This is what’s throwing it off:
https://github.com/discourse/discourse/blob/master/lib/new_post_manager.rb#L70-L72
You are exempting staff and staged users from the approval process:
https://github.com/discourse/discourse/blob/master/lib/new_post_manager.rb#L77
However, you’ve forgotten that there are different types of staged users creating topics. You want to exempt the ones that are sending in private messages (i.e. posting to group), but NOT when they are sending in topics (i.e. posting to category).
I think the line should be changed to:
def self.exempt_user?(user, options)
user.staff? || (user.staged && options[:archetype] == Archetype.private_message)
end
Sure, good idea, what do you think @zogstrip?
It’s a good idea 
Upgraded to the latest beta and then magically email in messages start showing up in the approvals list! 
I guess this is finally implemented then?
Not sure, we’d need @zogstrip to confirm.
Yes, @jj11909 fixed it.
https://github.com/discourse/discourse/commit/b87205831bf3d6c6226f628bc91dfa6d04534630
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.