XF 2.2 Correct Way Of Doing User Group Permissions?

Serpius

Active member
This is a continuation of this thread → THREAD

Oh! I've done this wrong. Maybe a bit more clarification is in order...

View this screenshot...

E2NfdzM.png



This is what it looks like in my default Registered Users Group permissions.

Now, if I am reading your response correctly... those 2 'NO's that I see will be 'YES' in the Admin User Group, but all of the others will be set to 'NO' but essentially "overwritten" by the cumulative effect of pulling the permissions from the default Registered user group.

Is that how technically all of this user group stuff supposed to work?

So... essentially... because I have check marked both Registered AND Admin, the cumulative effect will enable me to use those 2 'NO's that are not part of the Registered User Group. I hope I am making sense, but I'm still trying to make sense of this Cumulative Effect thing.

What about the Moderation section (by expanding this section), in the Admin? Those are automatically set to 'NO' by virtue of being pulled from the Registered User Group. Does this mean that if I want the Admin to have Moderation permissions, I must set these to 'YES'?
 
I think that’s right based on what I could interpret.

“No” could be seen as “not specified” instead. And if your permission for a given item is not specified, you aren’t allowed to do it.

So “yes” overrides “not specified” when you add multiple user groups together.
 
Still no response to this part...

What about the Moderation section (by expanding this section), in the Admin? Those are automatically set to 'NO' by virtue of being pulled from the Registered User Group. Does this mean that if I want the Admin to have Moderation permissions, I must set these to 'YES'?
 
Still no response to this part...

What about the Moderation section (by expanding this section), in the Admin? Those are automatically set to 'NO' by virtue of being pulled from the Registered User Group. Does this mean that if I want the Admin to have Moderation permissions, I must set these to 'YES'?

yes. In general admins should have most permissions as yes, imo.
 
The NO should indeed be seen as a "no at this moment, but maybe yes". So it is specified as no, but depending on other groups/node permissions.

I was struggling with this too a bit in the beginning, but this very helped me.
NO + YES = YES
YES + NO = YES
so basically a YES anywhere, overrules a no anywhere.

NEVER + YES = NO
So in case a Never is present anywhere, fat chance getting it enabled. Never = a unchangable no, even for admins!

Then this one is important to understand to.
INHERIT = inheriting what is configured. But -any- yes or no statement will overrule a inherited setting.
So a specified NO will overrule an in herited YES of a group.
Like this:
INHERIT + NO = NO
INHERIT + YES = YES
and ofcourse with a "never" it's never anyway.
 
Paraphrasing in my own manner:
Yes means permission given
No means permission not given by this setting (but it may be given elsewhere)
Never means permission absolutely withdrawn regardless of any other applicable permissions

Thus, if you have a combination
No
No
Yes
No
the outcome is yes

Whereas
No
No
No
No
No
is No

and
No
Never
No
Yes
No
is No
 
Top Bottom