• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Not a bug Conversation permissions - does not work both ways

Razasharp

Well-known member
#1
I am not sure whether this should be classed as a bug or a flaw, but when enabling conversations for a usergroup it lets them bypass the receiver's own usergroup permissions.

Say you have a usergroup for normal registered users where PMs are not activated, and another for Subscribing Users that do have PMs - the latter can start a conversation with the former, which then enables the former to enter into the discussion and join the conversation.

This is undesirable because sometimes we want to simply limit CMs for certain members only.

I can see the benefit for the mod & admin team though, so maybe we need another permission, such as 'allow conversations to be started with those who may not start them themselves' ...then it would be perfect :)
 

Blue

Well-known member
#3
I can see the benefit for the mod & admin team though, so maybe we need another permission, such as 'allow conversations to be started with those who may not start them themselves' ...then it would be perfect :)
Exactly. If I don't want someone to have access to PMs, I don't want them to have access to PMs. But this would be perfect.
 

Rudy

Well-known member
#4
Maybe this should be under Suggestions? (Or maybe it already is.)

I agree--if I revoke a person's private conversation permissions, I do not want them to have access to the system at all. There are times when members abuse the system. What is to stop them from using an existing conversation to continue to harass someone, or for other members to continue sending them conversations? We do not like slapping bans on anyone unless it is warranted, and we have situations where we might want to stop their access to conversations but allow full forum access for everything else.
 

Jeremy

Well-known member
#7
An open suggestion is still an open suggestion, meaning it's not guaranteed to be implemented, but it's also still a possibility.
 

Razasharp

Well-known member
#11
Sorry I did not see the original suggestion, however I posted it here because I feel this is a serious flaw/bug - one that is open to abuse as commented above. I would have been unaware of this had I not tested it myself, and I wonder how many other XF users assume this works the same as on other forum platforms? (Might it be an idea to have a list of things where XF deviates from the norm?)
 
Last edited:

Rudy

Well-known member
#12
Part of the reason may be due to how it's implemented. For all purposes, a private conversation is nothing more than a private thread between two or more individuals. As such, it might be difficult to put a stop to private conversations completely (IOW, the banned member receiving new messages). But, I feel it would not be too difficult to disable post new/post reply privileges, since that affects the conversation only from one end.
 

Razasharp

Well-known member
#13
Part of the reason may be due to how it's implemented. For all purposes, a private conversation is nothing more than a private thread between two or more individuals. As such, it might be difficult to put a stop to private conversations completely (IOW, the banned member receiving new messages). But, I feel it would not be too difficult to disable post new/post reply privileges, since that affects the conversation only from one end.
I would think it is a permissions check:

Initiate conversation [Can user PM?] [Is user Mod or Admin?]
If user is not SuperMod or Admin check receiver has permissions for conversations, if not, redirect back to user with notice.