isn’t it better if this plugin be available for moderators as well?
currently only admins have access to the plugin, and mods get this error when clicking on the plugin: “The data explorer is only available to admins.”
moderators also need to be able to analysis some user behaviors, and direct access to the plugin helps.
This would give them complete read only access to your database. Not recommended in all cases I do not think
For example all they need to do is do
select * from api_keys
With that then they have access to the system & any admin generated API Keys allowing them to perform admin functions.
There is a whole discussion somewhere on meta about admins vs moderators, and how much trust to put in them. The discourse team all have admin privs here on meta, for example, as you can see on the about page. Personally I limit it (just two of us have admin privs) and then the two of us own the hassle of having to run reports and share them with the rest of the team. This is less than ideal - really we just limit the access to avoid having to train everyone on what to stay away from. Not everyone on my team is interested in seeing all the admin features, even if we do trust them with the data.
Can you give an example of the type of analysis moderators need to be allowed to do?
I’ve often wished for the ability to create a query, and then make just that query available to moderators. Or the ability to have the results of a query sent to me (or another discourse user) on a schedule, along the lines of the user export which is niftily delivered by PM.
I don’t know the ETA but AFAIK there are plans to expose Admin vetted queries to Moderators via the dashboard.
I am a moderator at SitePoint, not an admin, so I don’t have access to Data Explorer there. I do have access to Data Explorer on my localhost installs so I have some experience with what it is able to do.
Although the plugin has safety built in as far as protecting the database, it is very powerful in terms of what data it can provide. Some of which should, IMHO, not be available to any other than an admin. (eg. both personal and private information).
On the other hand, there have been a few times I have petitioned our admin to run a query for me and reply back with the results and he has gracefully obliged.
The new dashboard is currently planned for this release (Discourse Version 2.0). Of course that is always subject to change.
What I cannot confirm is if exposing Data Explorer queries is planned for the first release of the new dashboard, or if it will wait until a later improvement pass.
for data analysis, we have a colleague who needs to have access to the user data. he is currently playing with the data to see if he can extract patterns for “topic-user” and “user-user” interactions.
we can user “localhost” or “admin access” in this case as mentioned above, but I was wondering what will happen if moderators have access to the plugin as well. since they already have access to users information in the user section of admin panel.
The plan is for some queries to be marked safe as runnable by staff, but not to expose all of data explorer proper.
Any chance we can mark queries that we make to be exposed to moderators? I’ve been working on a few things on SP that I wouldn’t mind exposing the data of, as it is meant for their eyes, right now I export/copy it to a topic, which requires manual effort.
Yes, that is the plan!
目前启用此功能的状态如何?我在发现只有管理员才能运行查询后找到了这个帖子。如果我们能在论坛上使用一些经过管理员审核的查询,那将非常棒。
谢谢。
我认为这里有一个更重要的部分值得构建。它在我的愿望清单中,但尚未排期。
我希望允许将“运行查询”的权限暴露给任意群组。撰写权限应始终保持为仅限管理员,这一点我从未打算改变。但运行权限可以开放给任何群组。
这将解锁各种功能,例如将自定义报告添加到我们的模组仪表板,这是 @j.jaffeux 一直感兴趣的方向。
如果社区中有人对这类项目感兴趣,请发布一些界面原型截图,展示用户体验将如何运作,如何为特定报告向某个群组“授予运行权限”,以及您会在哪里看到这些功能等等。
我很乐意尝试这个功能。我整理了一些我的设计草图截图。
第一张截图是报告的编辑视图。管理员可以添加用户组,使其有权下载报告的结果。
我最大的疑问是如何向组内的用户展示报告。我最初的想法是,仅向非管理员用户显示 JSON 和 CSV 按钮。如果报告尚未运行,点击这些按钮会触发运行;但这样可以防止非管理员用户反复执行查询。
@sam 请告诉我你对这个方向的看法。(由于每篇帖子只能发布一张图片,我将在随后的帖子中发布另一张图片)
我认为你应该让组成员能够访问 运行 按钮。
原因如下:如果你无法信任用户不会尝试通过反复运行查询来使网站瘫痪,那么就不应该将他们加入该组。大多数情况下,数据探索器查询在用户体验中非常有用,而不是为了下载后在其他工具中查看。此外,显示功能会执行一些出色的操作(例如以有用且难以通过下载数据后复制的方式显示 user_id 和 topic_id)。
这很合理。运行功能只需镜像管理员点击 run 时看到的内容,并将结果显示在下方。
是否也有必要向群组显示“上次运行”的时间?
我真的很喜欢你为这个功能在群组中找到了一个自然的位置。不过,我认为我们应该在群组页面设置一个专属标签页,因为我觉得它并不适合放在“活动”里。
或许可以放在“消息”和“管理”之间:如果你拥有 1 个或更多报告,并且你是该群组的明确成员,该标签页就会显示。
这样也能给你更多的宽度空间来布局。
拥有报告访问权限的人应该被允许“添加参数”(如果是参数化报告),并使用与管理员页面相同的控件来运行它。至于他们是否应该看到 SQL,我还在犹豫,所以暂时先不开放。
关于权限设置的位置:我希望能尽量减少对管理员页面的干扰。我想我们可以从那里开始,但减少文字说明。
总之,如果这些反馈都有道理,那就请随时开始吧!
感谢如此宝贵的反馈。这对我来说都很合理,我马上开始着手处理。
@sam,
默认查询(插件安装时已存在)不可编辑。
在我的截图中,将查询暴露给特定组的功能是通过编辑查询来访问的。默认查询是否也应该可以暴露给特定组?
如果是,我考虑可能需要对设计进行一些调整,以同时支持这两种类型的查询。
是的,我认为关于查询的元数据(例如上次运行时间、谁有权限运行等)应该放在一个专用表中。您还应该能够为内置查询设置权限(它们具有稳定的 ID)。
