1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Not a Bug Conversation permissions - does not work both ways

Discussion in 'Resolved Bug Reports' started by Razasharp, Oct 1, 2013.

  1. Razasharp

    Razasharp Well-Known Member

    I am not sure whether this should be classed as a bug or a flaw, but when enabling conversations for a usergroup it lets them bypass the receiver's own usergroup permissions.

    Say you have a usergroup for normal registered users where PMs are not activated, and another for Subscribing Users that do have PMs - the latter can start a conversation with the former, which then enables the former to enter into the discussion and join the conversation.

    This is undesirable because sometimes we want to simply limit CMs for certain members only.

    I can see the benefit for the mod & admin team though, so maybe we need another permission, such as 'allow conversations to be started with those who may not start them themselves' ...then it would be perfect :)
     
    Blue likes this.
  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    As far as I'm aware, this is as designed, since the permission only stops creation of conversations.
     
  3. Blue

    Blue Well-Known Member

    Exactly. If I don't want someone to have access to PMs, I don't want them to have access to PMs. But this would be perfect.
     
    Razasharp likes this.
  4. Rudy

    Rudy Well-Known Member

    Maybe this should be under Suggestions? (Or maybe it already is.)

    I agree--if I revoke a person's private conversation permissions, I do not want them to have access to the system at all. There are times when members abuse the system. What is to stop them from using an existing conversation to continue to harass someone, or for other members to continue sending them conversations? We do not like slapping bans on anyone unless it is warranted, and we have situations where we might want to stop their access to conversations but allow full forum access for everything else.
     
    Razasharp and Blue like this.
  5. Jeremy

    Jeremy XenForo Moderator Staff Member

  6. Blue

    Blue Well-Known Member

    Started 2 years ago.
     
    Razasharp likes this.
  7. Jeremy

    Jeremy XenForo Moderator Staff Member

    An open suggestion is still an open suggestion, meaning it's not guaranteed to be implemented, but it's also still a possibility.
     
  8. Blue

    Blue Well-Known Member

    You're right. At least it isn't closed.
     
  9. Rudy

    Rudy Well-Known Member

    Go "like" the original post in that thread to put your "vote" in to add it as a feature. I replied there as well. :)
     
  10. Blue

    Blue Well-Known Member

    Rudy likes this.
  11. Razasharp

    Razasharp Well-Known Member

    Sorry I did not see the original suggestion, however I posted it here because I feel this is a serious flaw/bug - one that is open to abuse as commented above. I would have been unaware of this had I not tested it myself, and I wonder how many other XF users assume this works the same as on other forum platforms? (Might it be an idea to have a list of things where XF deviates from the norm?)
     
    Last edited: Oct 1, 2013
  12. Rudy

    Rudy Well-Known Member

    Part of the reason may be due to how it's implemented. For all purposes, a private conversation is nothing more than a private thread between two or more individuals. As such, it might be difficult to put a stop to private conversations completely (IOW, the banned member receiving new messages). But, I feel it would not be too difficult to disable post new/post reply privileges, since that affects the conversation only from one end.
     
  13. Razasharp

    Razasharp Well-Known Member

    I would think it is a permissions check:

    Initiate conversation [Can user PM?] [Is user Mod or Admin?]
    If user is not SuperMod or Admin check receiver has permissions for conversations, if not, redirect back to user with notice.
     

Share This Page