User Management

Last updated on Aug 8, 2023

User management is a key component of ensuring your Ourchive site remains secure. On Ourchive, users can register, comment, upload images and audio, and post text. That's a lot of potential for botheration. This article reviews how to view user data, configure permissions, and handle notifications and user reports.

User Permissions

User permissions control whether users can upload files and whether or not they are staff. A staff user can log into the admin site.

💡

Staff users are trusted users and they can break things! Don't make someone staff unless you're comfortable with them being a moderator/admin on your site.

Access the user management console at https://your-ourchive-url.com/admin/api/user/.

From the user list view, you can perform the following bulk operations:

Delete users: Default Django functionality, deletes selected users and all associated data (such as works and bookmarks)
Allow selected users to upload audio: allows users to upload audio files associated with work chapters.
Allow selected users to upload images: allows users to upload work, chapter, collection, and user profile images.
Allow selected users to upload preferred export files: allows users to upload their own preferred work exports [tk link to functionality].
Allow selected users to upload all files: allows users to upload all files, regardless of feature or file type.

💡

Be very careful with file upload permissions. File upload is a risk for abuse, including distribution of illegal material. As a general rule of thumb, users with multimedia permissions should be people you trust, or you should have a robust content moderation team monitoring uploads.

Registration & Invitations

As described in Settings[tk], you can enable or disable site registration, and you can require invitations for users to be able to register. If you choose to require invitations, you will need to approve them. (The option for automated invite generation and sending is a 1.0 roadmap item.) You can access invitations at https://your-ourchive-url.com/admin/api/invitation/:

From the list view, you can mass approve or delete invite requests. You can also view who has used their token. If a token is used, another invite will not be sent to the user.

By default, invites are emailed to the user. If you choose not to configure email [tk], you will need to manually email the link to the user. You can find this link by clicking on the ID of the user from the list view, and copying their 'Register link':

When they click this link, their account will be set up.

Reporting

Occasionally, users will need to report behavior that violates your archive rules. When a user is reported, staff users are notified via email. Reports are accessible in the admin view at https://your-ourchive-url.com/admin/api/userreport/:

Mods can mass-resolve reports via the list view. This is useful in the case of a mass-reporting scenario. Usually, however, a mod will enter an individual report record and resolve it with a mod note:

Note that mods can change all fields on this form. That is because the Django admin interface assumes anyone using the admin site is a trusted user. Admins should be trained not to modify sensitive fields.

Ourchive is a small-scale archive. This means that moderation is expected to be primarily external to the website. In this case, a mod might contact imp and tell her to stop reporting impbot3000, and to block her instead. The mod would then add a note indicating they'd contacted imp and resolve the report.

Rules will vary per Ourchive installation, so report reasons are configurable at https://your-ourchive-url.com/admin/api/userreportreason/:

You can add as many reasons as you want, but keep in mind that all reasons will display when the user makes a report. For this reason, we recommend succinct, general reasons such as 'Harassment', 'Disallowed Content', and 'Hate Speech'.

Announcements

Admin announcements are coming in v0.5.