• I think administrators should have the ability to impersonate users. In some cases this is needed. This feature is available in software such as Discourse, Flarum. Why not on NodeBB?


  • @kurulumu-net Agree. Flarum has this also, and I in fact have a use case for exactly that right now

  • NodeBB

    What does impersonating do? Does it let admins post as the other user or let them login as that user?


  • @baris it allows them to login as a specific user

  • NodeBB

    Ahh so that would give admins access to the users private messages as well. 😬


  • @baris only to the user login session. Nothing else. If an admin really wanted to see the private messages, they could just query the database unless they are stored encrypted...

  • Community Rep

    I am opposed to admins being able to impersonate forum users. Admittedly there may be legitimate use cases for such. e.g. a buddy of mine emailed me a story he'd like posted but does not want to post themselves. Ideally I would want them to get the "credit" for the post so rather than posting under my account might "impersonate them", a'la su - forum style, just long enough to post as their imposter. But alas, as tempting as this may be, there is also too much temptation for abuse.

    And I think it violates a social contract trust. Or will we need to implement signed hash's to confirm that a message/post is really us? Even the faintest perception of such becoming necessary really damages community building. Nah, the minor amount of convenience to be gained is not worth the potential for mis/abuse.


  • @gotwf I understand the points raised here, and would agree. My thoughts around impersonation" would be to troubleshoot user logins etc, and not to be able to post as the user. There should be controls in place that address this behaviour.

    However, you can easily create a post as yourself and then change the author without having to impersonate the user.


  • @gotwf

    Already today it is possible to publish a post and change the name of the author.

    (Is it really that tempting ???)


  • @chez Exactly

    However, you can easily create a post as yourself and then change the author without having to impersonate the user.

  • Community Rep

    Well, I guess some new features for me to look forward to if I ever get around to updating.... When was this introduced, eh?

  • GNU/Linux Admin

    In and of itself I have no objection to this feature. Given that admins have control over all aspects of a running forum already, it doesn't seem like a violation of user trust if they were allowed to read user PMs.

    That said, I do see how it could be a surprise if a user were to learn about this ability of the admins. We could always just disallow reading chat messages when sudo'ing


  • @julian I think there should be some sort of triggered notification to a user when an admin impersonates them at the very least.

    Or in some cases, a push notification message that needs to be approved before an admin can login. However, there may be cases when you want to get to a user who has been abusing the system, and therefore an override should be possible.

    Just some ideas.

Suggested Topics

| |