strapi-plugin-comments icon indicating copy to clipboard operation
strapi-plugin-comments copied to clipboard
verified publisher icon VirtusLab-Open-Source

Feature request: expose report author in Public API and allow moderation actions via Public API

Open fexxdev opened this issue 5 months ago • 4 comments

Strapi 5.26.1 Plugin: 3.1.0

Summary

Two API improvements would greatly help when building a custom moderation UI outside Strapi Admin: 1. Expose the reporter (author) of abuse reports in the Public REST API responses. 2. Allow moderation actions (resolve/reopen report, block/unblock comment, approve/reject) via the Public REST API.

Context

•	Strapi v5 + strapi-plugin-comments (latest)
•	We’re building an external dashboard to manage comments and reports.
•	Reading comments via the Public API works well; however:
•	The report author is not available through the Public API response (or cannot be populated), making it impossible to show “who reported” in our UI.
•	Moderation endpoints exist only outside the /api namespace (admin-only). To moderate from a front-end (or a backend-for-frontend), we need equivalent Public API routes.

Current behavior

•	GET /api/comments/<relation>/flat returns comments (OK).
•	GET /api/comments/reports?... or GET /api/comments/<relation>/reports returns reports but does not include reporter details (or populate for author is not honored).
•	Moderation actions are only available at non-public routes, e.g.:
•	PUT /comments/moderate/:commentId { action: 'approve'|'reject' }
•	PUT /comments/moderate/single/:commentId/block
•	PUT /comments/moderate/single/:commentId/unblock
•	PUT /comments/moderate/single/:commentId/report/:reportId/(resolve|reopen)

These are not available under /api/... and require an admin token.

Desired behavior

(1) Reporter exposure in Public API • Public endpoints that return reports should include minimal reporter info: • id, username/name (email optional/behind a flag for privacy) • Support populate=author or a dedicated include=author query param. • Allow field selection/exclusion to avoid PII: • e.g. ?omit[]=author.email or ?select[author][]=id&select[author][]=name

Example response (desired)

{
  "result": [
    {
      "id": 5,
      "reason": "OTHER",
      "content": "This is misleading",
      "resolved": false,
      "createdAt": "2025-07-24T19:30:34.192Z",
      "related": { "id": 4, "content": "aaa" },
      "author": { "id": "123", "username": "fexx", "name": "Federico" }
    }
  ],
  "pagination": { "page": 1, "pageSize": 10, "pageCount": 1, "total": 1 }
}

(2) Public API for moderation

Mirror existing moderation actions under the Public API prefix.

Thanks a lot for the great plugin! These two additions would let teams build safe, external moderation tools without needing to proxy admin-only routes.

fexxdev avatar Aug 30 '25 21:08 fexxdev

Hi! Sorry to bother really, just wanted to ping in case you missed this out. @Kronos66 @cyp3rius thank you!

fexxdev avatar Sep 07 '25 09:09 fexxdev

I would really need this too, i was unsure if mark it as a bug and create a new issue

Jambo41 avatar Sep 23 '25 08:09 Jambo41

Hi! No worries if this isn’t something that can be worked on right now. I’d just like to understand whether it’s something you might handle in the near future, or if it’s better not to wait and instead look for alternative solutions. Happy to help in any way I can—thank you very much! @mateusz-kleszcz

fexxdev avatar Sep 29 '25 17:09 fexxdev

Noted folks, and added to the backlog :) The PR's are more than welcome if you've got an idea and spare time to extend the plugin by such functionality.

cyp3rius avatar Oct 02 '25 06:10 cyp3rius