✨ Added ability to ban members from commenting

rob-ghost · rob-ghost · commit 30e5595c9802 · 2025-12-18T18:02:17.000Z
ref https://linear.app/ghost/issue/FEA-487 Adds a `can_comment` boolean field to the Member model that allows admins to ban specific members from commenting. When set to false, the member cannot create new comments or replies.
diff --git a/ghost/core/core/server/api/endpoints/utils/serializers/output/mappers/comments.js b/ghost/core/core/server/api/endpoints/utils/serializers/output/mappers/comments.js
@@ -19,7 +19,8 @@ const memberFields = [
     'uuid',
     'name',
     'expertise',
-    'avatar_image'
+    'avatar_image',
+    'can_comment'
 ];
 
 const memberFieldsAdmin = [
@@ -28,7 +29,8 @@ const memberFieldsAdmin = [
     'name',
     'email',
     'expertise',
-    'avatar_image'
+    'avatar_image',
+    'can_comment'
 ];
 
 const postFields = [
diff --git a/ghost/core/core/server/api/endpoints/utils/serializers/output/members.js b/ghost/core/core/server/api/endpoints/utils/serializers/output/members.js
@@ -178,6 +178,7 @@ function serializeMember(member, options) {
         email_recipients: json.email_recipients,
         status: json.status,
         last_seen_at: json.last_seen_at,
+        can_comment: json.can_comment,
         attribution: serializeAttribution(json.attribution),
         unsubscribe_url: json.unsubscribe_url
     };
diff --git a/ghost/core/core/server/data/migrations/versions/6.11/2025-12-18-15-58-add-can-comment-to-members.js b/ghost/core/core/server/data/migrations/versions/6.11/2025-12-18-15-58-add-can-comment-to-members.js
@@ -0,0 +1,7 @@
+const {createAddColumnMigration} = require('../../utils');
+
+module.exports = createAddColumnMigration('members', 'can_comment', {
+    type: 'boolean',
+    nullable: false,
+    defaultTo: true
+});
diff --git a/ghost/core/core/server/data/schema/schema.js b/ghost/core/core/server/data/schema/schema.js
@@ -429,6 +429,7 @@ module.exports = {
         note: {type: 'string', maxlength: 2000, nullable: true},
         geolocation: {type: 'string', maxlength: 2000, nullable: true},
         enable_comment_notifications: {type: 'boolean', nullable: false, defaultTo: true},
+        can_comment: {type: 'boolean', nullable: false, defaultTo: true},
         email_count: {type: 'integer', unsigned: true, nullable: false, defaultTo: 0},
         email_opened_count: {type: 'integer', unsigned: true, nullable: false, defaultTo: 0},
         email_open_rate: {type: 'integer', unsigned: true, nullable: true, index: true},
diff --git a/ghost/core/core/server/models/member.js b/ghost/core/core/server/models/member.js
@@ -16,7 +16,8 @@ const Member = ghostBookshelf.Model.extend({
             transient_id: crypto.randomUUID(),
             email_count: 0,
             email_opened_count: 0,
-            enable_comment_notifications: true
+            enable_comment_notifications: true,
+            can_comment: true
         };
     },
 
diff --git a/ghost/core/core/server/services/comments/CommentsService.js b/ghost/core/core/server/services/comments/CommentsService.js
@@ -11,7 +11,8 @@ const messages = {
     replyToReply: 'Can not reply to a reply',
     commentsNotEnabled: 'Comments are not enabled for this site.',
     cannotCommentOnPost: 'You do not have permission to comment on this post.',
-    cannotEditComment: 'You do not have permission to edit comments'
+    cannotEditComment: 'You do not have permission to edit comments',
+    memberCannotComment: 'You do not have permission to comment.'
 };
 
 class CommentsService {
@@ -61,6 +62,12 @@ class CommentsService {
 
     /** @private */
     checkCommentAccess(memberModel) {
+        if (memberModel.get('can_comment') === false) {
+            throw new errors.NoPermissionError({
+                message: tpl(messages.memberCannotComment)
+            });
+        }
+
         if (this.enabled === 'paid' && memberModel.get('status') === 'free') {
             throw new errors.NoPermissionError({
                 message: tpl(messages.cannotCommentOnPost)
diff --git a/ghost/core/core/server/services/members/members-api/repositories/MemberRepository.js b/ghost/core/core/server/services/members/members-api/repositories/MemberRepository.js
@@ -505,6 +505,7 @@ module.exports = class MemberRepository {
             'products',
             'newsletters',
             'enable_comment_notifications',
+            'can_comment',
             'last_seen_at',
             'last_commented_at',
             'expertise',
diff --git a/ghost/core/test/e2e-api/admin/members.test.js b/ghost/core/test/e2e-api/admin/members.test.js
@@ -2397,6 +2397,86 @@ describe('Members API', function () {
         });
     });
 
+    describe('can_comment', function () {
+        let testMember;
+
+        beforeEach(async function () {
+            testMember = await createMember({
+                email: 'can-comment-test@test.com',
+                name: 'Test Member for can_comment'
+            });
+        });
+
+        afterEach(async function () {
+            await models.Member.destroy({id: testMember.id});
+        });
+
+        it('New members can comment by default', async function () {
+            should(testMember.get('can_comment')).be.true();
+        });
+
+        it('Can ban a member from commenting', async function () {
+            // Verify member can comment by default
+            should(testMember.get('can_comment')).be.true();
+
+            // Ban member from commenting
+            const {body} = await agent
+                .put(`/members/${testMember.id}/`)
+                .body({members: [{can_comment: false}]})
+                .expectStatus(200);
+
+            // Verify response includes can_comment: false
+            should(body.members[0].can_comment).be.false();
+
+            // Verify database was updated
+            await testMember.refresh();
+            should(testMember.get('can_comment')).be.false();
+        });
+
+        it('Can unban a member from commenting', async function () {
+            // First ban the member
+            await agent
+                .put(`/members/${testMember.id}/`)
+                .body({members: [{can_comment: false}]})
+                .expectStatus(200);
+
+            await testMember.refresh();
+            should(testMember.get('can_comment')).be.false();
+
+            // Now unban the member
+            const {body} = await agent
+                .put(`/members/${testMember.id}/`)
+                .body({members: [{can_comment: true}]})
+                .expectStatus(200);
+
+            // Verify response includes can_comment: true
+            should(body.members[0].can_comment).be.true();
+
+            // Verify database was updated
+            await testMember.refresh();
+            should(testMember.get('can_comment')).be.true();
+        });
+
+        it('Returns can_comment in member read response', async function () {
+            const {body} = await agent
+                .get(`/members/${testMember.id}/`)
+                .expectStatus(200);
+
+            should(body.members[0]).have.property('can_comment');
+            should(body.members[0].can_comment).be.true();
+        });
+
+        it('Returns can_comment in member browse response', async function () {
+            const {body} = await agent
+                .get(`/members/?filter=email:can-comment-test@test.com`)
+                .expectStatus(200);
+
+            should(body.members.length).be.greaterThan(0);
+            should(body.members[0]).have.property('can_comment');
+            should(body.members[0].can_comment).be.true();
+        });
+    });
+
     // Log out
     it('Can log out', async function () {
         const member = await createMember({
