Allow admins to view & delete uploaded images (pict-rs)

maltfield commented 7 months ago

Requirements

[X] This is a feature request and not a bug report. Otherwise, please create a new bug report instead.
[X] Please check to see if this request (or a similar one) already exists.
[X] It's a single feature. Please don't request multiple features in one issue.

Describe the feature you'd like

Requirements

[X] This is a feature request and not a bug report. Otherwise, please create a new bug report instead.
[X] Please check to see if this request (or a similar one) already exists.
[X] It's a single feature. Please don't request multiple features in one issue.

Describe the feature you'd like

This is a request to implement a section of the Lemmy WUI where admins can:

View all of the files that all of the users have uploaded to their lemmy instance
Delete individual files (eg photos) that users have uploaded

Problem

Currently it's not possible in the Lemmy WUI for admins to delete files that users have uploaded.

This is not just an inconvenience. It's a legal risk to lemmy instane admins.

Legally, instance admins must respond to "GDPR Erasure Requests" from their users. That is, if a user sends them a request to delete some content (eg a photo), then they must delete it from their website within a reasonable timeframe. This law applies to any website operating anywhere in the world (not just to websites or businesses located in the EU) that has users who are residents of the EU (so it likely affects >90% of public lemmy instances with >100 active users).

The fines for this violation are commonly millions of euros or a percent of of revenue, whichever is higher.

Currently there is no way for lemmy admins to find and delete images that have been uploaded by users in the WUI.

Currently there are no lemmy-specific API endpoints for admins to delete images that have been uploaded by users.

Currently it is possible for admins to delete images that have been uploaded by users via the pict-rs API, but it is non-trivial (how the heck does one get the alias or delete_token anyway?), and there is no examples given in the lemmy documentation describing how to do this.

Solution

There should be a very straightforward way in the lemmy WUI for dmins to view & delete any files that have been uploaded by users.

Because this dataset is so large, there should be a search field in the admin WUI where admins can enter attributes about the image that will find the image -- and then they can delete the image after its found.

Admins should be able to find images by querying for, at least:

The URL/filename of the image
The URL of the comment in which the image appears
The URL of the post in which image appears
A hash of the image
All (no filters; just return all of the images)

Moreover, the image results returned above should be able to be sorted:

By date uploaded
By number of views
By size
By number of references to the image (sum of comments and posts that include the image)
By number of flags associated with the image (sum of comments and posts that included the image that were flagged)

maltfield commented 7 months ago

See also this ticket to add a section to the Lemmy UI for users to be able to delete individual images without having to delete their account

https://github.com/LemmyNet/lemmy-ui/issues/2359

maltfield commented 6 months ago

For additional context of this issue, please see Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)

LemmyNet / lemmy-ui