Tag Management and Dynamics

kwiesmueller

Hey there,
we are currently on the way of migrating an existing community to Flarum.
I love the software and am really happy with it.

I just encountered some questions regarding Tags that should be features for me.
First thing:
Allowing certain Roles/Groups to add Tags (create new ones). I can not find any permission allowing that and it would be really annoying to make everybody admin that should be allowed to add tags.
(I did not find any way to make a group admin or at least some kind of admin as well to let them access some settings).

Aside from this it would look very helpful to me, to allow (some) users to create secondary tasks automatically when creating their new post. This would be some pretty common behavior and would in the end result in better searchability (at least if I got the secondary tags idea right).

Cheers!

Franz

kwiesmueller Howdy. Thanks for the kind words.

I think that's a legitimate use case. You might want to bring it up in flarum/core395.

clarkwinkelmann

I believe everything that is set in the admin panel doesn't have its own permissions. Only admins can do it. Which sadly prevents giving access to tags settings to anybody else.

This might be something that will create problems in the future. What if you allow other groups to edit tags ? You can't give them access to the admin panel, as you need to be a super-admin to load it. Where do you place the tags settings then ?

If you start adding more granular permissions and move stuff to the front-end side (forum) so non-admins can edit them, we will end up with nearly nothing in the actual admin panel (?)

Or should the admin panel be refactored so it doesn't actually require admin access for everything ? But then we need to change the way some things are done, for example all setting values are always injected in the admin panel, this wouldn't be secure if non-admins also see it. Extensions would have to whitelist or inject settings themselves like in the front-end.

Just thinking out loud here. Not sure if there's a discussion about this on GitHub already ?

Franz

clarkwinkelmann For this particular use-case, I guess the creation of secondary tags would happen directly in the "Choose tags" modal; with the permission enforced via API endpoint. No admin access necessary.

jordanjay29

clarkwinkelmann Or should the admin panel be refactored so it doesn't actually require admin access for everything ? But then we need to change the way some things are done, for example all setting values are always injected in the admin panel, this wouldn't be secure if non-admins also see it. Extensions would have to whitelist or inject settings themselves like in the front-end.

Just thinking out loud here. Not sure if there's a discussion about this on GitHub already ?

My personal opinion is that it seems worthy of one.

Ralkage

A forum without an actual Administrative Panel? ? Don't think any current/modern forum software has this sort of mindset or structure.