Tips for session moderation
When hosting a session that is open for random users, the threat of griefers coming in and making a mess of everyone's work is very real. While there is no technical solution to completely fix this problem, Drawpile does have some tools that help.
Typically most user logins are "guest" logins, meaning the username is not password protected. If you run your own server, you can create reserved user accounts.
Perhaps the most important use for this is creating moderator accounts. A moderator can log in to any session (even closed and password protected ones), will automatically gain operator privileges and cannot be kicked.
The server will remember the OP status of authenticated users and automatically restore it when rejoining a session.
Other things you can do is limit server access to registered users or block certain usernames.
Setting an operator password (opword) enables the Become operator menu item. When user accounts are not available, the opword is a simple way to avoid granting OP to impersonators.
When the server makes users operators
The server always tries to ensure that a session has an operator or at least the capability to gain an operator. A regular user can gain operator status by the following means:
- Being granted the status by another operator
- Using the opword (if set)
- An authenticated user (moderators excluded) will regain OP status when rejoining a session they have previously left
If no user can gain op by one of the above means (i.e. session has no OPs, opword is not set and there have been no authenticated operators,) the server will automatically make the oldest remaining user an operator.
This feature can be triggered quickly by hitting F12 (customizable). When someone is vandalizing the canvas, usually the first step is to lock the session. The damage can then be undone with the undo override feature. (The undo button in user list box.) Undo override can be used even while the session is locked.
Sometimes the damage cannot be fixed easily with the usual undo override. (E.g. when the offender quickly leaves and is no longer listed in the user list.) This is where session reset comes in.
Session reset is usually used to clear out old history to make joining faster. It can also be used to reset the session to an earlier state and is thus a useful tool for recovering a vandalized session.
Kick & ban
Session operators can kick and ban users from the session via the user list box. The list of banned users can be viewed and edited in the session settings dialog.
The in-session ban is an IP ban, but for privacy reasons the IP address of the banned user is not displayed in the UI.
Prior to the introduction of in-session bans in version 2.0, the server would interpret getting kicked from sessions repeatedly as an indication that the user was engaged in griefing and would automatically add their IP address to the banlist. In version 2.0, kicks no longer count toward serverwide bans, but getting banned from multiple different sessions in a short time period does.
Locking destructive actions
Unless you trust every member of the session, it's a good idea to limit layer controls (layer creation, deletion, etc.) to session operators. Drawpile has three levels of layer control restriction:
- Unrestricted: everyone can create and delete layers as they please
- Own layers: everyone can create layers and delete layers they created (in version 2.0)
- Operators only: only operators can create and delete layers
The "own layers" mode can be a good compromise if you need to allow users to create their own layers.
There are also a few other commands that can easily destroy entire layers: area fills and cut&paste. (External images can be pasted so this feature can also be abused to inject shock images onto the canvas.)
These operations can also be restricted to session operators. The restriction works by blocking the underlying commands (FillRect and PutImage) and thus disables all tools that use them. These include cut&paste, flood fill, annotation merging and selection fills.
Individual layers can be locked or given exclusively to certain users. For example, you might typically want to lock the background layer. An easy, if heavy handed, way to prevent users from interfering with each other is to isolate them on their own layers.
There are two layers of annotation locks. The first is a global restriction on adding new annotations. The second is a per-annotation "protect" flag. When set, the annotation can only be edited by the user who created it or by session operators.
Locking a user puts them into read-only mode.
In the session settings, you can uncheck the "allow new users to draw" checkbox to lock freshly joined users automatically. This gives you time to vet new users before allowing them to fully participate in the session.
User locking only affects drawing. Locked users can still use the laser pointer and chat.