Not a bug Conversation permissions - does not work both ways

Razasharp

Razasharp

Well-known member
I am not sure whether this should be classed as a bug or a flaw, but when enabling conversations for a usergroup it lets them bypass the receiver's own usergroup permissions.

Say you have a usergroup for normal registered users where PMs are not activated, and another for Subscribing Users that do have PMs - the latter can start a conversation with the former, which then enables the former to enter into the discussion and join the conversation.

This is undesirable because sometimes we want to simply limit CMs for certain members only.

I can see the benefit for the mod & admin team though, so maybe we need another permission, such as 'allow conversations to be started with those who may not start them themselves' ...then it would be perfect :)
 
As far as I'm aware, this is as designed, since the permission only stops creation of conversations.
 
Razasharp said:
I can see the benefit for the mod & admin team though, so maybe we need another permission, such as 'allow conversations to be started with those who may not start them themselves' ...then it would be perfect :)
Click to expand...

Exactly. If I don't want someone to have access to PMs, I don't want them to have access to PMs. But this would be perfect.
 
Maybe this should be under Suggestions? (Or maybe it already is.)

I agree--if I revoke a person's private conversation permissions, I do not want them to have access to the system at all. There are times when members abuse the system. What is to stop them from using an existing conversation to continue to harass someone, or for other members to continue sending them conversations? We do not like slapping bans on anyone unless it is warranted, and we have situations where we might want to stop their access to conversations but allow full forum access for everything else.
 
An open suggestion is still an open suggestion, meaning it's not guaranteed to be implemented, but it's also still a possibility.
 
Sorry I did not see the original suggestion, however I posted it here because I feel this is a serious flaw/bug - one that is open to abuse as commented above. I would have been unaware of this had I not tested it myself, and I wonder how many other XF users assume this works the same as on other forum platforms? (Might it be an idea to have a list of things where XF deviates from the norm?)
 
Last edited:
Part of the reason may be due to how it's implemented. For all purposes, a private conversation is nothing more than a private thread between two or more individuals. As such, it might be difficult to put a stop to private conversations completely (IOW, the banned member receiving new messages). But, I feel it would not be too difficult to disable post new/post reply privileges, since that affects the conversation only from one end.
 
Rudy said:
Part of the reason may be due to how it's implemented. For all purposes, a private conversation is nothing more than a private thread between two or more individuals. As such, it might be difficult to put a stop to private conversations completely (IOW, the banned member receiving new messages). But, I feel it would not be too difficult to disable post new/post reply privileges, since that affects the conversation only from one end.
Click to expand...

I would think it is a permissions check:

Initiate conversation [Can user PM?] [Is user Mod or Admin?]
If user is not SuperMod or Admin check receiver has permissions for conversations, if not, redirect back to user with notice.
 

Similar threads

Razasharp
  • Question Question
Ignore function - does it work both ways?
Replies
4
Views
616
Razasharp
Razasharp
Wildcat Media
  • Question Question
XF 1.1 Partial private conversation permissions?
Replies
4
Views
605
Wildcat Media
Wildcat Media
Zak Smith
Design issue "Test permissions" does not apply to Style Chooser
Replies
9
Views
1K
ragtek
R
Back
Top Bottom