Detect the use of spam-bots and ban non compliant users (part 2)

[alecslupu]

🎩 What? Why?

Allow administrators to ban non compliant users

Administrators should be able to ban users, for example when someone repeatedly attack the debate. This ban should be transparent.

Add a “ban” action button in the Participants panel.

Admin can unban user
Users will be banned at the Decidim Identities level meaning they cannot access the website with another provider through the EU login. (Ex : I connect with Twitter, got banned I cannot connect using Facebook if it has the same email or is associated to my EU login id)

When a user is banned :

an attribute (ex: blocked) is added to their profile which makes it impossible for them to login
its avatar is replaced by the default one
its pseudo is replaced by “Banned user”
Profile page is rendered inaccessible by non-admin users (to facilitate moderation based on their contribution history)
All contribution remain visible

📌 Related Issues

Link your PR to an issue

• Meta Decidim: https://meta.decidim.org/processes/roadmap/f/122/proposals/15628
• Detect the use of spam-bots and ban non compliant users (part 1) #6696

Testing

1. Visit the website to identify an user that you can use for testing
2. Enter admin in the participants section
3. Search the user identified in step 1, and Suspend it with a reason
4. Visit public profile logged in as admin
5. Visit public profile in the incognito mode (and repeat with non admin logged in user)
6. Visit Admin and unblock
7. Repeat steps 4 + 5

📋 Checklist

🚨 Please review the guidelines for contributing to this repository.

• ❓ CONSIDER adding a unit test if your PR resolves an issue.
• ✔️ DO check open PR's to avoid duplicates.
• ✔️ DO keep pull requests small so they can be easily reviewed.
• ✔️ DO build locally before pushing.
• ✔️ DO make sure tests pass.
• ✔️ DO make sure any new changes are documented in docs/.
• ✔️ DO add and modify seeds if necessary.
• ✔️ DO add CHANGELOG upgrade notes if required.
• ✔️ DO add to GraphQL API if there are new public fields.
• ✔️ DO add link to MetaDecidim if it's a new feature.
• ❌AVOID breaking the continuous integration build.
• ❌AVOID making significant changes to the overall architecture.

📷 Screenshots

User listing in admin interface

Observe the Block button:

The justification

User after being blocked

After being blocked, the user is renamed to "Banned User"

In the admin, a justification appears:

The same icon can unblock

the unlock user is also logged in admin

♥️ Thank you!

[tramuntanal]

Hi @roxanaopr yes I meant also in the code. If it is difficult to always use block, lets, at least, get rid of the "ban" terminology in favour of block.
Codecov/patch is right now 👏 💪

[tramuntanal]

Thank you for the refactor @roxanaopr there's a conflict in decidim-core/config/locales/en.yml and we're done 😄

[roxanaopr]

@tramuntanal Can you please check after my changes?

Changes done!