liz/PluralKit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Feature/granular member privacy (#174)

Browse Source 
* Some reasons this needs to exist for it to run on my machine? I don't think it would hurt to have it in other machines so

* Add options to member model

* Add Privacy to member embed

* Added member privacy display list

* Update database settings

* apparetnly this is nolonger needed?

* Fix sql call

* Fix more sql errors

* Added in settings control

* Add all subject to system privacy

* Basic API Privacy

* Name privacy in logs

* update todo

* remove CheckReadMemberPermission

* Added name privacy to log embed

* update todo

* Update todo

* Update api to handle privacy

* update todo

* Update systemlist full to respect privacy (as well as system list)

* include colour as option for member privacy subject

* move todo file (why was it there?)

* Update TODO.md

* Update TODO.md

* Update TODO.md

* Deleted to create pr

* Update command usage and add to the command tree

* Make api respect created privacy

* Add editing privacy through the api

* Fix pronoun privacy field in api

* Fix info leak of display name in api

* deprecate privacy field in api

* Deprecate privacy diffrently

* Update API

* Update documentation

* Update documentation

* Remove comment in yml

* Update userguide

* Update migration (fix typo in 5.sql too)

* Sanatize names

* some full stops

* Fix after merge

* update migration

* update schema version

* update edit command

* update privacy filter

* fix a dumb mistake

* clarify on what name privacy does

* make it easier on someone else

* Update docs

* Comment out unused code

* Add aliases for `member privacy all public` and `member privacy all private`
This commit is contained in:
BeeFox-sys
2020-06-18 05:31:39 +10:00
committed by GitHub
parent 627f544ee8
commit 721a4502bb
19 changed files with 389 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
docs/2-user-guide.md
View File

@@ -438,7 +438,7 @@ To update your system privacy settings, use the following commands:
pk;system privacy <subject> <level>
where `<subject>` is either `description`, `fronter`, `fronthistory` or `list`, corresponding to the options above, and `level` is either `public` or `private`.
where `<subject>` is either `description`, `fronter`, `fronthistory` or `list`, corresponding to the options above, and `<level>` is either `public` or `private`. `<subject>` can also be `all` in order to change all subjects at once.
For example:
@@ -449,15 +449,37 @@ For example:
When the **member list** is **private**, other users will not be able to view the full member list of your system, but they can still query individual members given their 5-letter ID. If **current fronter** is private, but **front history** isn't, someone can still see the current fronter by looking at the history (this combination doesn't make much sense).
### Member privacy
There is also an option to mark a specific member as private, using the command:
There are also nine options for configuring member privacy;
pk;member <name> private
- Name
- Description
- Birthday
- Pronouns
- Colour
- Date created
- Message count
- Visibility
A private member will *not* be displayed in member lists (even if the member list is public), and will show only limited information if looked up by others - namely name, display name and avatar. Other information, such as description, pronouns and birthday will be hidden.
As with system privacy, each can be set to **public** or **private**. The same rules apply for how they are shown too. When set to **public**, anyone who queries your system (by account or system ID, or through the API), will see this information. When set to **private**, the information will only be shown when *you yourself* query the information. The cards will still be displayed in the channel the commands are run in, so it's still your responsibility not to pull up information in servers where you don't want it displayed.
All of this can only be accessed using the member's 5-letter ID, which is exposed when proxying. So, if you want to keep a member absolutely private, it's recommended you don't proxy with it publicly - that way the ID isn't exposed.
However there are two catches. When name is set to private, it will be replaced by a members display name, but only if they have one! When visibility is set to private, the member will not show up in the member list unless -all is used in the command (and you are part of the system).
Member info will not be shown in member lists even if someone in the system queries the list, unless the user is part of the system and uses the -all flag.
To update a members privacy you can use the command:
member <member> privacy <subject> <level>
where `<member>` is the name or the id of a member in your system, `<subject>` is either `name`, `description`, `birthday`, `pronouns`, `color`, `metadata`, or `visiblity` corresponding to the options above, and `<level>` is either `public` or `private`. `<subject>` can also be `all` in order to change all subjects at once.
`metatdata` will affect the message count, the date created, the last fronted, and the last message information.
For example:
pk;member John privacy visibility private
pk;member "Craig Johnson" privacy description public
pk;member Robert privacy color public
pk;member Skyler privacy all private
An example of a private member is `cmpuv` - try looking it up and see what's shown, as well as the corresponding system list (`pk;system exmpl list`).
## Moderation commands
### Log channel

4
docs/3-command-list.md
View File

@@ -17,6 +17,8 @@ Words in **\<angle brackets>** or **[square brackets]** mean fill-in-the-blank.
- `pk;system rename [new name]` - Changes the name of your system.
- `pk;system description [description]` - Changes the description of your system.
- `pk;system avatar [avatar url]` - Changes the avatar of your system.
- `pk;system privacy` - Displays your system's current privacy settings.
- `pk;system privacy <subject> <public|private>` - Changes your systems privacy settings.
- `pk;system tag [tag]` - Changes the system tag of your system.
- `pk;system timezone [location]` - Changes the time zone of your system.
- `pk;system proxy [on|off]` - Toggles message proxying for a specific server.
@@ -42,6 +44,8 @@ Words in **\<angle brackets>** or **[square brackets]** mean fill-in-the-blank.
- `pk;member <name> description [description]` - Changes the description of a member.
- `pk;member <name> avatar <avatar url|@mention>` - Changes the avatar of a member.
- `pk;member <name> serveravatar <avatar url|@mention>` - Changes the avatar of a member in a specific server.
- `pk;member <name> privacy` - Displays a members current privacy settings.
- `pk;member <name> privacy <subject> <public|private>` - Changes a members privacy setting.
- `pk;member <name> proxy [tags]` - Changes the proxy tags of a member. use below add/remove commands for members with multiple tag pairs.
- `pk;member <name> proxy add [tags]` - Adds a proxy tag pair to a member.
- `pk;member <name> proxy remove [tags]` - Removes a proxy tag from a member.

92
docs/4-api-documentation.md
View File

@@ -59,12 +59,20 @@ The following three models (usually represented in JSON format) represent the va
|color|color?|Yes|6-char hex (eg. `ff7000`), sans `#`.|
|avatar_url|url?|Yes|Not validated server-side.|
|birthday|date?|Yes|ISO-8601 (`YYYY-MM-DD`) format, year of `0001` or `0004` means hidden year. Birthdays set after 2020-02-10 use `0004` as a sentinel year, but both options are recognized as valid.|
|prefix|string?|Yes|Deprecated. Use `proxy_tags` instead.|
|suffix|string?|Yes|Deprecated. Use `proxy_tags` instead.|
|prefix|string?|Yes|**Deprecated.** Use `proxy_tags` instead.|
|suffix|string?|Yes|**Deprecated.** Use `proxy_tags` instead.|
|proxy_tags|ProxyTag[]|Yes (entire array)|An array of ProxyTag (see below) objects, each representing a single prefix/suffix pair.|
|keep_proxy|bool|Yes|Whether to display a member's proxy tags in the proxied message.|
|created|datetime|No||
|privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
|created|datetime|No|
|privacy|string?|Yes|**Deprecated.** Use `<subject>_privacy` and `visibility` fields.|
|visibility|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
|name_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
|description_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
|birthday_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
|pronoun_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
|color_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
|message_count_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
|created_timestamp_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
#### ProxyTag object
@@ -165,7 +173,14 @@ If the request is not authenticated with the system's token, members marked as p
"proxy_tags": [{"prefix": "[", "suffix": "]"}],
"keep_proxy": false,
"created": "2019-01-01T15:00:00.654321Z",
"privacy": null
"visibility": null,
"name_privacy": null,
"description_privacy": null,
"birthday_privacy": null,
"pronoun_privacy": null,
"color_privacy": null,
"message_count_privacy": null,
"created_timestamp_privacy": null
}
]
```
@@ -220,6 +235,14 @@ If the system has chosen to hide its current fronters, this will return `403 For
"description": "I am Craig, example user extraordinaire.",
"proxy_tags": [{"prefix": "[", "suffix": "]"}],
"keep_proxy": false,
"visibility": null,
"name_privacy": null,
"description_privacy": null,
"birthday_privacy": null,
"pronoun_privacy": null,
"color_privacy": null,
"message_count_privacy": null,
"created_timestamp_privacy": null,
"created": "2019-01-01T15:00:00.654321Z"
}
]
@@ -302,7 +325,14 @@ If this member is marked private, and the request isn't authenticated with the m
"proxy_tags": [{"prefix": "[", "suffix": "]"}],
"keep_proxy": false,
"created": "2019-01-01T15:00:00.654321Z",
"privacy": "public"
"visibility": "public",
"name_privacy": "public",
"description_privacy": "private",
"birthday_privacy": "private",
"pronoun_privacy": "public",
"color_privacy": "public",
"message_count_privacy": "private",
"created_timestamp_privacy": "public"
}
```
@@ -324,7 +354,14 @@ Creates a new member with the information given. Missing fields (except for name
"pronouns": "they/them",
"description": "I am Craig, cooler example user extraordinaire.",
"keep_proxy": false,
"privacy": "public"
"visibility": "public",
"name_privacy": "public",
"description_privacy": "private",
"birthday_privacy": "private",
"pronoun_privacy": "public",
"color_privacy": "public",
"message_count_privacy": "private",
"created_timestamp_privacy": "public"
}
```
(note the absence of a `proxy_tags` field, which is cleared in the response)
@@ -343,7 +380,14 @@ Creates a new member with the information given. Missing fields (except for name
"proxy_tags": [],
"keep_proxy": false,
"created": "2019-01-01T15:00:00.654321Z",
"privacy": "public"
"visibility": "public",
"name_privacy": "public",
"description_privacy": "private",
"birthday_privacy": "private",
"pronoun_privacy": "public",
"color_privacy": "public",
"message_count_privacy": "private",
"created_timestamp_privacy": "public"
}
```
@@ -365,7 +409,14 @@ Edits a member's information. Missing fields will keep their current values. Wil
"pronouns": "they/them",
"description": "I am Craig, cooler example user extraordinaire.",
"keep_proxy": false,
"privacy": "public"
"visibility": "public",
"name_privacy": "public",
"description_privacy": "private",
"birthday_privacy": "private",
"pronoun_privacy": "public",
"color_privacy": "public",
"message_count_privacy": "private",
"created_timestamp_privacy": "public"
}
```
(note the absence of a `proxy_tags` field, which keeps its old value in the response)
@@ -384,7 +435,14 @@ Edits a member's information. Missing fields will keep their current values. Wil
"proxy_tags": [{"prefix": "[", "suffix": "]"}],
"keep_proxy": false,
"created": "2019-01-01T15:00:00.654321Z",
"privacy": "public"
"visibility": "public",
"name_privacy": "public",
"description_privacy": "private",
"birthday_privacy": "private",
"pronoun_privacy": "public",
"color_privacy": "public",
"message_count_privacy": "private",
"created_timestamp_privacy": "public"
}
```
@@ -459,12 +517,24 @@ The returned system and member's privacy settings will be respected, and as such
"description": "I am Craig, example user extraordinaire.",
"proxy_tags": [{"prefix": "[", "suffix": "]"}],
"keep_proxy": false,
"created": "2019-01-01T15:00:00.654321Z"
"created": "2019-01-01T15:00:00.654321Z",
"visibility": "public",
"name_privacy": "public",
"description_privacy": "private",
"birthday_privacy": "private",
"pronoun_privacy": "public",
"color_privacy": "public",
"message_count_privacy": "private",
"created_timestamp_privacy": "public"
}
}
```
## Version history
<!-- (Update this on official release) -->
* 2020-05-14
* The API now has values for granular member privacy. The new fields are as follows: `visibility`, `name_privacy`, `description_privacy`, `birthday_privacy`, `pronoun_privacy`, `color_privacy`, `message_count_privacy`, and `created_timestamp_privacy`. All are strings and accept the values of `public`, `private` and `null`
* The `privacy` field has now been deprecated and should not be used. It is a reflection of visibility.
* 2020-05-07
* The API (v1) is now formally(ish) defined with OpenAPI v3.0. [The definition file can be found here.](https://github.com/xSke/PluralKit/blob/master/PluralKit.API/openapi.yaml)
* 2020-02-10