User still have TL4 after revoke admin grants

I registered in forum using Google account with TL1. Then I grant admin rights using rake admin:invite[******@gmail.com]. The user gets Admin+TL4.
After that I revoke admin grants, but TL4 did not revert back to TL1.

Discourse 1.9.4

Relevant file for admin:invite (for those wondering)
https://github.com/discourse/discourse/blob/master/lib/tasks/admin.rake#L3-L28

Which definitely applies TL4, I’m not convinced that revoke was programmed with the intent of resetting their TL though.

7 Likes

This is the first I’ve heard of this rake task. I dig see why it applies user level 4,but if you use it you’ll need to remove tl4 if you want the user not to be tl4.

1 Like

I don’t think this is a bug

Moderation ranks (moderator and admin) aren’t releated with Trust Level
A TL0 can be a moderator or admin, while a TL4 can just be a TL4. It doesn’t depend on it

4 Likes

That’s inaccurate, the file @cpradio quoted makes the user TL4.

It’s not a question of whether a TL4 user “can just be TL4”, it’s about the expected behavior when admin is revoked and the implications of leaving the trust level in-place.

TL4 users are leaders, even without admin they can edit all posts, pin and unpin topics, close and archive topics. That’s still quite a lot of power for a user you may no longer want to have admin rights.

2 Likes

No, he is correct. Moderator/Admin abilities have zero dependencies on TL4, what isn’t clear is why this rake tasks sets the invited admin to TL4. If you were to use the Admin > User UI, you would not get that same behavior by clicking “Grant Admin” on a user.

The rake task is doing it for some reason, but I didn’t do a blame to try and get some insight on the matter.

With all of that said, if there were a rake task that removed admin rights, I’d expect it to remove TL4 too, but if you revoke it via the UI, well… I can’t really blame the UI for not altering the Trust Level

6 Likes

Looking at git blame it appears that promotion to TL4 has been part of the rake task since @sam wrote it 4 years ago. He might have some insight.

4 Likes

You probably misinterpreted my post, @barreeeiroo said that this isn’t a bug, and that ranks aren’t related to TL. The OP has flagged that unlike granting admin on the user, admin:invite does change both rank and trust level. There’s no need to do this, right? While admin:invite does both the two are linked, at least for now.

1 Like

You might want to read my full reply, but I acknowledge it does it and gave reasons why I still feel it is not a bug. :wink:

1 Like

As mentioned above, granting the user by UI, TL is not changed. But using CLI (this is a way to make new user an admin silently from other admins, because they don’t get a confirmation email in this case), user gets TL4 with admins rights. Either UI should change TL to 4 or CLI method should keep TL.

Anyway, my topic is about the bug. I assume that revoking admin status must drop the user to the TL that they have before granting. I wrote, that user came to the forum with TL1. So, in case of revoking, they have to descend to regular.

The parallel: some person got a job in The United Nations, and they also got apartaments in NY and a car with a personal driver. After a week of working, the person has fired, they lost apartments, but having its TL4, they still use a car with a driver. As a gift :gift:.

Do we need this @sam? It seems excessive to me.

2 Likes

There are actually two rake tasks that follow the same pattern of granting tl4 to admins it creates/invites.

rake admin:invite and rake admin:create both are useful tasks I would like to keep.

I think it is totally unfair to class this as a bug, maybe we should pop a window saying “user has tl4 you just revoked admin do you want to revoke tl4 as well?”

As to granting tl when inviting admin, I guess I am ok with just setting tl to 1 for these tasks, I will change this now.

3 Likes

Yeah I just don’t see why TL needs to be changed when you make someone an admin…

1 Like

I think there were some edges in the system some time in the past when you had an admin on tl0, seems pretty safe to bump them up to 1 though in these tasks.

10 Likes

There is still some oddness present, for example admins don’t bypass checks such as “max images per post” that are bypassed by trust level.

I noticed the other week as some of our hosted customers have demoted the TL of discobot and it’s no longer able to work properly on those sites.

10 Likes

Fixed in:

https://github.com/discourse/discourse/commit/10759677db5d0cd2bd372adefd0ac77fd47bf8f0

11 Likes