Today a colleague posted a password. Now, this post is deleted from Discourse, however the email notification, which contains the password, was still sent. This can’t be un-sent.
To keep our conversations flowing at a reasonable level, the email time window is set to 3 minutes, which has been excellent and something I want to keep for most users. However, new users, and particularly users such as the one who posted the password, cannot be trusted with this time window at all.
In an ideal world, I would be able to set new users, and this user, to have a custom time window, such as two hours(the password was in Discourse for an hour before it was noticed).
The best way I can think of is to set an email time window for each trust level. For example
Trust Level
Email Time Window
0
24 Hours
1
2 Hours
2
10 Minutes
3
3 Minutes
4
3 Minutes
New users join us at Trust Level 1 or 2. Trust Level 0 is only used to restrict users that still need to learn what is acceptable.
This would give us ample opportunity to catch any violations of confidentiality, and remove them from Discourse before the information is spread irrevocably via email.
EVERYONE: Please only read the following post if you like reading posts by a STUPID person.
I also would like to see something like this but for a slightly different reason.
Our forum has private categories that only verified users can access (restricted by trust level) but the current admin email settings only allow email notifications to be disabled or enabled for all users regardless of trust level. This means, if enabled, email notifications for posts in the private catagories, which show the full post text, are also being sent to users that aren’t allowed to view these catagories which defeats the object of the private categories.
One option is to disable all email notifications to stop non verified users receiving email notifications for posts made in these private categories but this is far from ideal for the majority of the community.
The request above would work for us because if a user doesn’t verify themselves within 7 days they are automatically pruned so we could set the Email Time Window for Trust Level 0 users to 192 hours so they never receive any email notifications.
I think our only other option at the moment is to keep the email notification to enabled but change the email template to remove the post text and possibly the posters username to maintain privacy for the majority of our users which are verified.
If anyone has any other suggestions to acheive the objective I’ve outlined above, ie enable emails for verified users (trust level 2+) and disable email notifications for non verified users (trust levels below 2) then I would be happy to try them out.
You’re right @JammyDodger. It isn’t happening, my bad.
I was checking the sent emails in admin and noticed a non verified user had been sent an email notification but after checking again I see now it was for a publicly available category and not one of the private catagories. Well I don’t feel stupid… MUCH.
Thanks for the quick response.
