• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.2 Forums with limited permissions

#1
I know this is a common topic - but I can not figure out what the real intention of the design is here.

My user groups are basically like this..
- unregistered
- registered
- special promotion groups
- some restricted access groups (penalty box, limited access, etc)

All users are members of registered, and I add them to special promotion groups when those users pick-up new permissions to other nodes.

The user groups are setup so that registered users are granted the baseline permissions all users would expect.. posting, viewing, etc.

Normally I would expect to make the permission changes at the node level. Normally I'd like to treat all forums as the default level.. and either remove some permissions or grant new ones based on the groups.

My problem is because all users are members of 'registered users' - I have a very hard time making the forums how I need.

Specifically if I want to make a forum specific to only a certain group - I must mark it 'Private' and then give specific permissions to the group in question.

That works if I want ONLY that group to have permissions.

But if I want a forum everyone has the ability to read.. but only certain users to post.. I can't make it work out. My default is to have a special access group, and grant them permissions via 'allow' on the node to that user group.

But because I want to reduce the permissions of the general population, I use 'revoke' on the posting permissions of the group 'registered users'. I change the permissions on the node for the special access group to 'allow' for posting permissions. But because everyone is a member of 'registered users', even the special access users, the revoke on 'registered users' overrides the 'allow' permission granted by the special access group

If posting permissions are granted to 'registered users' - a group everyone is a member of.. how can I remove that permission while NOT removing it for everyone?

Either groups shouldn't be layered.. which obviously isn't the design given primary and secondary groups..
or
Permissions really shouldn't be granted to user groups like 'registered users'.

Can someone please paint a picture of how this should be setup?
 
#2
Maybe it's a bug?

The user in question is part of 'registered users' which is set to revoke on this node. The user is also part of a second user group which has 'allow' set for the node. According to the manual, 'revoke' can be overridden. And my expectation is the 'allow' in the second user group should allow the permission.

If I use the analyze permissions tool... it says the user account should be able post. The user actually has 'yes' for all the permissions listed in the analyze permissions tool for the node in question.

But if I use 'test permissions' and use the simulation of the user... they can't post in the forum.

So the analyze permissions and test permissions do not agree about the same user on the same node.
 

Jeremy

Well-known member
#3
Never cannot be overridden, a revoke can be overridden using an explicit allow. If you send me ACP access, I'll look into it.
 
#5
According to this...
http://xenforo.com/community/resources/understanding-permissions.360/

Allow + Revoke = Overall Yes

Only an explicit Allow (as opposed to an inherited Allow) can override a Revoke. A Revoke is designed to trump inherited access and reduce a user's permissions unless you explicitly Allow (no inheritance) that permission elsewhere in the Node Permissions (e.g. for one of the user's other groups).
the last sentance is exactly what I'm trying to do. The user is a member of two groups.. Group one has a revoke set on the node, but Group two has an Allow.

I don't think the forum is actually working right if these allow/revoke are from multiple group memberships and being applied on the same node level.
 

Jeremy

Well-known member
#6
As I said, your set up should be working. If you send me information I will look into it. Alternatively, you can use the analyze permissions tool to determine a root cause.
 
#7
As I said, your set up should be working. If you send me information I will look into it. Alternatively, you can use the analyze permissions tool to determine a root cause.
As I said in my earlier post..

If I use the analyze permissions tool... it says the user account should be able post. The user actually has 'yes' for all the permissions listed in the analyze permissions tool for the node in question.

But if I use 'test permissions' and use the simulation of the user... they can't post in the forum.
I also tried with a dummy user because the test and analyze permissions tools were in disgreement.. and the dummy user follows the 'test permissions' result. No posting.

So.. like I said.. analyze permissions is not matching what the forum actually allows for the user.

I've opened a support case now because this is not adding up