All features (submitting expenses, commenting...) will be blocked for this user.
A warning will be displayed at the top of all pages for this user.
User is clearly spamming or trying malicious things on the platform.
The specified feature will be blocked for this user.
User has a strange behavior with a feature, or is abusing a specific one. We want to prevent the use of it without blocking access to the others. For example, users having bad language in a conversation - we want to prevent them from commenting, but it's ok to have them creating orders.
To see a list of all features names, check https://github.com/opencollective/opencollective-api/blob/master/server/constants/features.ts
Disable access to expenses:
User.data.features.EXPENSES = false
Disable access to conversations:
User.data.features.CONVERSATIONS = false
First make sure that users don't have any data that is problematic to delete:
WITH profiles_to_ban AS (SELECT * FROM "Collectives"WHERE slug = ANY($collectiveSlugs)) SELECTCOUNT(c.id) AS nb_collectives,COUNT(t.id) AS nb_transactions,COUNT(e.id) AS nb_expenses,COUNT(o.id) AS nb_ordersFROMprofiles_to_ban cLEFT JOIN"Transactions" t ON t."CollectiveId" = c.id OR t."FromCollectiveId" = c.idLEFT JOIN"Expenses" e ON e."CollectiveId" = c.id AND status = 'PAID'LEFT JOIN"Orders" o ON o."FromCollectiveId" = c.id OR o."CollectiveId" = c.id AND o.status != 'ERROR'
If that's ok and you're 100% sure that all these collectives are SPAM, you can also include the collective admins:
SELECT mc.slugFROM "Members" mINNER JOIN "Collectives" c ON m."CollectiveId" = c.idINNER JOIN "Collectives" mc ON m."MemberCollectiveId" = mc.idWHERE m."role" = 'ADMIN' AND m."CollectiveId" = c.idAND c.slug = ANY($collectiveSlugs)AND c."deletedAt" IS NULL
Make sure you re-run the first query with these new entries to make sure it's safe to ban them.
Please refer to this query to ban users and collectives from the platforms. You'll need to input a list of collective slugs to the query. When banning a user, all the related data (memberships, expenses, comments...etc) are (soft-) deleted. A special flag is set in
user.data.isBanned is set to
User's email will be locked in database, to that it will be impossible for the user to register with the same email address.