This "Flood control" sub-module was an idea originally proposed by Berdir in IRC. I'm starting this issue thread to begin a discussion.
Basically, this would be a generic approach to limit attempts to "spam" or "game" the points system. For instance, if you're awarding points for comments via the Userpoints Node and Comments module, this "Flood control" sub-module would allow you limit the number of comments that can be earned in an hour, day, week, or whatever time period is chosen by the site admin. Users wouldn't be able to earn continual points for dozens of meaningless comments.
Ideally, you'd be able to limit points transactions based on both the operation and the points category. Thus, if you only wanted to limit points from accumulating in an hour for nodes, but not for comments (or for "Forum" points, but not "Goodwill" points), you could do so.
Thoughts?
--Ben
Comments
Comment #1
chuckbar77 commented+1 subscribing! This feature will really help sites that encourage interaction by awarding points!
Comment #2
NathanM commentedSubscribing. Would like to see a 6x version, as well. I noticed that FBSS allows you to limit the amount of points a user can earn over the course of a day. Perhaps the code from that could be useful for creating something that is applicable on a global scale.
Comment #3
BenK commentedBased on a conversation with Berdir, I did more brainstorming on this. Here are what I think are the essentials for a flood control module from a functional perspective.
1. Create flood control limits based on the following:
a) Operation
b) Points category
c) User (kind of a global mode across all operations and categories for that user)
We may also need a special case for a) above when it involves an operation supplied by Userpoints Node and Comments. If points are awarded for adding a node, we may need a way to specify a more specific flood control based on the content type.
2. We need a way to exempt certain points transactions from flood controls (if, for instance, a privileged administrator is manually awarding the points). This could probably be done with an extra checkbox setting on the add/edit transaction form (in the "Status" section) that allows you to exempt a transaction from flood controls.
3. We need a setting to specify if a positive points award, negative points award, or both counts toward the flood control. For instance, in some use cases we may want a flood control to prevent lots of positive points awards, but to allow numerous negative ones (such as when a bunch of transactions are expiring). Perhaps we need a separate setting to exempt "expiry" transactions if desired?
4. We need a setting to specify a time duration to apply to the flood control, including both the number and the unit of time. This would allow us to specify a flood control based on periods like 3 minutes, 1 hour, 10 hours, 3 daya, 2 weeks, and 1 year.
5. We need to figure out a UI for managing these flood control "rules". One possibility would be something similar to Private Message module's global user blocking rules page.
Thoughts?
--Ben
Comment #4
berdirSome feedback...
1) Not sure what you mean with c). Would that be a checkbox to check if this is a per-user limit or a global one? I see what you mean with the "more fine-grained settings" than just operation. Need to think about that. We can always extend hook_userpoints_info() but I'm not sure yet how that would work.
Also, this just allows to declare the condition for a limit. We also need settings to define *what* is actually limited. Thinking about 3), the following should cover it all, I think:
"All transactions" => # of transactions
"Positive transactions" => # of transactions
"Negative transactions" => # of transactions
"Points" => # points. Positive/Negative doesn't matter, only the sum counts.
2) Hm. Yes. That won't work without some changes to userpoints.module itself, though.
3) See above. Note that expiry will soon not be affected be limits anymore. Because the original node will be marked as expired and userpoints.module will automatically update the total points. No need for a dummy transaction. And since limits would imho only affect new transactions (because it's not possible to handle existing ones I think), it doesn't affect this. Problem solved ;)
4. And yes, that's the third thing that needs to be configured.
5. I don't think a horizontal, table-like form is going to scale to the number of settings we need here. The blocking rules form is already jam-packed (fun word :p). I think the only viable option is the default list + separate add/edit form. We might want to use more than a single line to be able to display a useful summary, though. Think Views UI.
Comment #5
BenK commentedBerdir,
All excellent points. Let me clarify what I meant in c) and also revise what I said in 1. Here's what I'm now thinking:
1. Create flood control limits based on the following:
a) Operation
b) Points category
c) Points: This would be a flood control limit based on the total number of points awarded in a given period of time. The operation or points category wouldn't matter. Basically, it would be impossible to earn more points (of any variety) than the flood control limit allows.
Then, for each flood control rule, we would have some checkboxes available for specifying the "Flood control scope". Basically, this is whether the rule should apply to an individual user or globally to all users. The user setting would be the common use case so that a given user is limited from earning more than the allowed points. But the global setting would be useful if you wanted to say that "there are 100 points to be earned during this hour and the first users to act get the points... once the points are used up there are no more left." Actually, I can think of a third option: Limit the scope to a particular role. This way, you could say that "premium" users have a different flood control limit than regular authenticated users.
As for the UI, maybe something similar to what is used in User Relationships for the relationship type? Basically, each relationship type has its own add/edit page, but then they are summarized on the main page. Is that more along the lines of what you mean?
--Ben
Comment #6
BenK commentedBerdir made a good point in IRC that I wanted to document here:
We also need to be able to configure the "action" to take if a flood control limit is violated. Possible options include:
* Mark as pending
* Mark as declined
* Mark as expired
* Block with a user message
* Block without a user message (silently)
* Mark as "blocked" (this would be a new status level that we would create specifically for flood control)
We'd probably also need a way to specify an automated (and possible manual description) for why the transaction was blocked, declined, etc.
--Ben
Comment #7
YK85 commentedsubscribing
Comment #8
Bastlynn commentedsubscribing.
Comment #9
manuel.adanCurrently, only bug fixes are made for the 7.x version. Feature requests are moving to branch 8.x. Please reopen only if a working patch is provided for this version and want to maintain it.
Anyway, in 8.x, it is something to support in the transaction module, by an event or hook triggered in the transaction execution validation (pre-execution).
Ratio-limit conditions can vary a lot from one site to another. A sub-module that provides support for this wide range of scenarios would be hard to implement and maintain. I think that such limits should be established with rules.