I want to ensure that posts created by the admin are non-editable by all other users, including staff and moderators. I’ve observed that even the Terms of Service can be edited by moderators.
Consider a scenario where an active forum user is offered a moderator role, but subsequently begins to act unethically, such as editing or deleting legal documents like the Terms of Service.
Is there a way to establish such specific permissions or restrictions?
The Terms of Service and Privacy Policy are currently in the default “Staff” category, so I can’t adjust who can create, etc.
I’ve noticed that even Trust Level 3 users can modify the Terms of Service. If the suggestion is something like “You can lower the trust level”, that’s not a viable solution, as the moderator still needs other permissions to effectively moderate the forum without restrictions.
Is there a default method for setting these kinds of limitations?
Further, is there any way to edit each permission and remove/add the permissions?
I will quote my own post. The TOS is in the “staff” category. We can’t set/edit security for the staff category. Your method will work for any other category created by the admin. But discourse does not allow to set security for the default staff category.
The Terms of Service and Privacy Policy are currently in the default “Staff” category, so I can’t adjust who can create, etc.
Not quite sure. It’s possible I did it. However still my main concern is there → To restrict anyone else to edit the legal documents.
How I would do this is to have these ToS hosted elsewhere on a platform that only admins have control over. Then I will use the discourse setting to have external ToS and other policy pages. That way, admins know where to make changes and nobody else can edit those directly on discourse.
Have you ever done it that way successfully or you’re just thinking it might work? Because that may create new problems
The TOS document no longer can be moved to the official staff category anymore (if something goes wrong/if your method doesn’t work)
The above issue can create another one → now the TOS is not visible in the default TOS tab because the system cannot find the tos document in the staff category.
Every-time you want to update TOS, you need to set “post title length” setting (as discourse has no seperate power allocated to admins on post shorter title lengths like “tos”)
Have tested this today and seems to work fine, and is possible to move TOS page back to staff category.
Don’t know how the system publishes the official page from the editable version but changing name/category does not seem to create any problem for that.
It’s not that professional as the new tos page does not appear in the “Terms of Service” default tab. It just directs to the post (and all other adjacent tabs “about, faq, prvacy policy” are no longer appear next to the terms of service tab - even the terms of service tab is no longer visible).
These unnecessary restrictions in the discourse makes us customise the site very difficult.
It’s also the same for about us page as well. if you try to remove the “stats” no you can’t it’s discourse’s forced decision you must have it displayed. Strange rules.
It’s same for TOS page as well “no, you must keep it editable to all the unethical moderators, it’s discourse’s forceful decision” it’s strange discourse forcefully enforcing their will on the site.
I feel like discourses main slogan is “All the power to the community, non to admins”
I feel like the prevailing policy of Discourse is that you should not have moderators that you suspect are about to misbehave; but if you do, everything they do can be undone.
Category moderator is the position intended for low-trust moderation help.
If a new staff member edits the Terms of Service to be something like “just don’t”, then the old version will be preserved in the post’s edit history. Hiding the revision doesn’t do anything, admins can still see it, and only admins can purge a revision from the database.
Except… there is a category that is limited only to staff, staff- category - and there TOS is living quite often and there is no way TL3 can edit it, unless a staff member is TL3.
Here is now a huge issue’ish: we don`t know what @PrettyGirl has changed. Because I refuse to believe there would be huge bug that allow ordinary TL3 edit or even see staff-limited category.
I’m not sure why you still say this when the answer has been provided?
If you create an ‘admin’ category with create/reply permissions only for admin and recategorise your Terms of Service and Privacy Policy topics (and FAQ if desired) into there then doesn’t that solve the immediate issue for you? The published /tos and /privacy pages are based on the topic ids, so will still exist even when the underlying topics are moved to a different category.
Though the issue of having unethical moderators would be a wider problem that you’d have to handle separately.
It is professional when you create it correctly. I have more than two dozen clients who have their policy pages hosted externally and we put good care into ensuring the UX consistency and having proper backlinking to the forums and the main site when we deploy such external pages.
It is just a matter of hiding them in CSS, If that’s not a problem.
If they’re unethical or non-aligned to the principles of your community, maybe they don’t deserve to be an admin/moderator/staff etc? There is something fundamentally wrong with the approach they’re taking towards the recruitment of their staff and this needs more of a philosophical solution than a technical one.
Most of what you’re asking is achievable in a custom plugin that you should be able to build or commission to someone from this community.
There is a much bigger issue at hand here that is the trust between your community and that can not be addressed by even the most restrictive permissions. You need to think of this differently and align your approach so that you’re making a wise choice when recruiting someone as a staff member.
The Staff category should not be visible to TL3 in any case. I don’t know how you’re making that possible.
Did you say that after trying it? I initially moved this topic to an only-admin-editable category on my forum. There are no side effects. There is no such “may” as what you said.
And there are 5 hidden settings related to this topic. rails c to the ruby console environment, then use SiteSetting.tos_topic_id = xxx to set them to whatever topic id you want.
Discourse does has given administrators a lot more rights than other platforms. Please don’t make such comments without trying. I mean, if Discourse were a car manufacturer, you shouldn’t ask it to deliver you Transformers - and all for free.
Default settings for new install are that only an admin or moderator at trust level #4 can edit the terms of service/other official pages, but it is possible anyone who is at TL4 could have moved those to a different category that could be edited by TL3.
On the one hand being tl4 does not mean you are staff. If you are tl4 but have no admin or moderator status, you won’t be able to see, edit or move a topic, which is in the staff category. On the other hand the powers of moderators don’t depend on their tl. See Trust Level Permissions Table (inc Moderator Roles). There is no tl in the moderators column.