Welcome to Codidact Meta!
Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.
Comments on We need to talk about Abilities
Parent
We need to talk about Abilities
The problem
Almost three years ago we introduced Abilities to Codidact as an improved system for granting activity-based permissions, such as allowing users who have made consistently great edit suggestions to edit posts without requiring approval. I'll defer to the linked posts on how Abilities function in detail.
I do still believe that coupling permissions with specific experience in the area of the permission is a good idea and should be kept as the basic premise of the permission system.
However, there are a three major issues I see with how our abilities system works currently:
-
The Ability thresholds are calculated using the Wilson score formula we use for posts. This means, that the minimum number of (positive) actions needed and the minimum percentage of positive actions are directly coupled.
In some cases this coupling can be inappropriate for the intended purposes. For example, a community might want a user to have suggested many edits to demonstrate experience but want to require only an average approved percentage of like 75%. In our current system this would not be possible.
In some cases communities might want the opposite. They would want a high percentage of 95% edits approved, but because they have low activity they only want a small sample of 5 edits (which would of course mean that once one edit is rejected your amount of edits that need to be approved would rise drastically). This would also not be possible with the current system.
-
Currently abilities are directly coupled with permissions. This means, that the system will check whether or not you have a certain ability and will infer your permission from this. This becomes a problem once a permission should be inferred from multiple abilities, because then the every time a permission is checked the code would have to keep in mind how exactly abilities bind to permissions, and if multiple permissions are coupled into one ability, because they are then affixed together as an all-or-nothing thing. However one might want to separate permissions from another for moderation purposes. A user might need to be banned from reviewing edits while their power to edit posts should not be restricted.
-
The current system is based on specific existing abilities hard-coded in the application. However communities might want to change the ability progression to better match their individual needs.
A solution?
Therefore I am proposing some tweaks to how abilities are implemented:
-
There are two factors: "privileges" and "abilities" (or "trust levels").
-
Privileges are technical allowances, such as "may edit other people's posts without review", "may review suggested edits" or "may vote to close". A user can have or not have a privilege at any time.
-
Abilities are steps on the progression ladder. Technically an ability consists of one or multiple privileges and a "win condition". If you earn an ability, you will be granted the privileges it contains.
-
Privileges can be individually suspended by moderators (as abilities can be suspended for time/infinity right now). Abilities cannot be suspended because the only thing that goes beyond suspendable privileges are "bragging rights".
-
Abilities are reached when its win condition is reached. A win condition may consist of multiple requirements, each of which must be completed. Requirements could be, for example,
- minimum user age
- obtaining a specific ability
- minimum post count
- minimum positively received post count
- minimum percentage of posts positively received
- minimum (suggested) edits
- minimum approved/applied edits
- minimum percentage of suggested edits approved
- minimum flag count
- minimum helpful flag count
- minimum percentage of helpful flags
- minimum close/delete votes
- minimum effective close/delete votes
- manual appointment (i.e. this ability can only be awarded manually)
As before, moderators would have all such privileges.
Something similar to the current ability progression should be set as standard, so that we have an ability trees not unlike this:
- everyone (general path)
- established user (general path)
- editing posts (edit path)
- editing tags (edit path)
- closing posts (mod path)
- deleting posts (mod path)
- editing posts (edit path)
- moderators
- established user (general path)
However communities would be free to change this progression as they like.
I think that these tweaks would allow better bootstrapping of communities and would allow it to better react to community size with configuring the ability system.
Discussion
What do you think? Do you have any other ideas on how to improve abilities?
I've been thinking about abilities again lately (and for a while), because they're too hard to earn but just tweaking th …
1mo ago
Considering both timeframe and last N events We could base awarding of an ability on both proportion of events in a t …
1mo ago
My main area of concern would be your "Problem", point 2. You seem to have put a lot of thought into that one as well, b …
1y ago
Testing different approaches When considering what approach to take to awarding abilities, or what specific values to u …
1mo ago
I want moderators to be able to grant or suspend abilities at fairly granular levels, because sometimes that person who' …
1y ago
coupling permissions with specific experience in the area of the permission is a good idea and should be kept as the bas …
1y ago
Post
My main area of concern would be your "Problem", point 2. You seem to have put a lot of thought into that one as well, but I have a number of questions. I'm first most interested in fixing the top level groupings. Are the security levels basically just mods
and users
? I'm seeing staff
tags as well. Does that carry any particular organizational, process, or security meaning in this context? And can you think of any other possible "exception" groups (e.g. guest
)?
It looks like you're doing a good job of organizing the "privilege structures". I was going to stop and ask for that before all else - then I scrolled down. So kudos there. However, there are a number of potential layers of abstraction between "privilege" and a high-level classification like mod
, and it's probably a good idea to flesh out any other similarities between users that might impact or be proxies for their privileges.
What about crossover between groups? I.e. can a mod be denied some mod privilege, either temporarily or permanently, but still need to be "a mod" for some reason? Or is a fully trusted user essentially equivalent to a mod in all access within a site? Once a privilege is unlocked, can it be removed again from the frontend? In particular, can adjustments to the qualifications, or "win conditions" cause existing privileges to be added or removed?
On a personal level (i.e. as an end user), I didn't really get excited about the idea of the abilities system because it seems potentially ornerous. If it "just works", then in principle it does seem like a rational concept. But realistically, I don't actually want to have to "prove" to anyone that I know how to do things. While I can accept that it's sometimes necessary, it easily becomes monotonous.
In that vein, I feel like there's a significant missing component here, which is probably best encapsulated by a concept of "general competence and maturity". I'm a grown-up, and I want to be treated as one. We can't guarantee that's true of everyone coming to that platform, and in fact we must expect it won't be the case for many. But once I feel like I've put in the leg work to prove it, I don't want to be hassled anymore - pretty much at all.
The key is that the software be designed to make the same kind of decisions that a human mentor would if they were manually assigning permissions each time. Yes, if I've only ever posted answers, then suddenly go to edit someone's question for the first time, then it's hard to judge my competence or decide the risk. And there probably do need to be some minimal safeguards in place as you move into new tasks on the site. However, the risk is significantly lower if I've posted 50 good answers over a year, with lots of upvotes, than if I just made my account yesterday. That's why SE's reputation/privilege system works at all.
So I think there needs to be a concept of a general "user trust level", which unlocks at least some of the more ornerous safeguards after sufficient contributions in any area of the site. I also think that the abilities system, while innovative, and interesting to the nerds among us, should really be a hidden "under layer". If end users feel like they have to spend time learning to understand it before jumping in - we've already lost.
0 comment threads