Only admins with superadmin, policy_and_abuse, open_doors, support, or tag_wrangling roles should
have the “Manage Users” menu in the admin navigation, with “Find Users” and “Bulk Email Search” links in the menu
be able to access the Find Users and Bulk Email Search pages by following said links
be able to perform searches from those pages
be able to download a CSV of the results on the Bulk Email Search page
be able to see and update a user’s roles after performing a search on the Find Users or Bulk Email Search page
be able to see a user’s Fannish Next of Kin after performing a search on the Find Users or Bulk Email Search page
access a user admin page by following the “Details” link after performing a search on the Find Users or Bulk Email Search page
be able to see all of the user admin page’s content, e.g. buttons, forms, history table
be able to use the Manage User Invitations, Add User Invitations, Troubleshoot Account, Send Activation Email, Activate User Account, and Manage User Roles options on the user admin page
Admins with the superadmin or policy_and_abuse role should
be able to modify the Fannish Next of Kin on the user admin page
be able to record notes or warnings on the user admin page
be able to suspend/ban or lift suspension/ban on the user admin page
be able to ban and delete all of a spammer’s creations on the user admin page
Admins with the open_doors, support, or tag_wrangling roles should
receive an error when attempting to do anything on the previous list
Admins with none of the listed roles should
not have the “Manage Users” menu in the admin navigation
be redirected and given an error message if they enter the URL to Find Users (https://test.archiveofourown.org/admin/users) or Bulk Email Search (https://test.archiveofourown.org/admin/users/bulk_search) pages, or to a user’s admin page (https://test.archiveofourown.org/admin/users/testy) in their browser bar
UPDATE 20 JULY (Deployed To Test)
only admins with the superadmin, policy_and_abuse, or support roles should be able to update a user’s email address
only admins with the superadmin, tag_wrangling, or open_doors roles should be able to update a user’s roles
please test adding and removing, especially including removing the only role
"Just hitting the ‘Update’ button even without changing the email address removes the user role."
"We can delete an email address completely and leave it blank."
We'll need to fix these.
While we're at it, it should be possible to print nice validation errors on the users as well (fixing Sammie's point "this seems to be because I was using an email address that the system considered taken"). Right now we're completely bypassing validations when admins save users, which isn't nice.
Clicking update or changing the email address does not remove user roles.
I can’t completely remove the email address, if I do the former address reappears after trying to save. If I put in an incomplete address I get an error warning: The user testy could not be updated: Email is invalid Email does not seem to be a valid address. Email should look like an email address.
When I try to use an email address that is already attached to an account I get an error: The user testy could not be updated: Email has already been taken
As a superadmin, I was able to add the tag wrangler role to testy and prova, and I was able to add the translator and archivist roles to testy10 in one go. I could remove roles, too: I removed the only-and-only role for a user, then removed one role and left another, and then removed both of a user’s roles simultaneously. That looks good!
I was also able to change a user’s email address. Attempting to remove the address entirely gave me a success message rather than an error, but the email address remained. I got the same message as Matty when trying to change the email address to one that was missing everything after the @. The message is not ideal – it’s a big run-on sentence – but it’s acceptable for now.
I was able to access a user’s Details page and, while there, add and remove a FNOK and record a note on a user. I suspended a user and then lifted the suspension. I troubleshot the user, gave them some invitations, and accessed their manage invitations page. The button for managing roles took me to the search results page where I could see the user/modify their roles.
I sent an activation email to an unactivated user and then activated their account. Then I posted a work with that account and spam banned it.
I was also able to do a bulk search and download the results.
Jessie from Board:
I don't have the Manage Users menu, and all three URLs give me the error message
Claudia from Comms showed me a screenshot with the Manage Users menu item missing, which is correct.