1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.2 Forums with limited permissions

Discussion in 'XenForo Questions and Support' started by flynnibus, Nov 18, 2013.

  1. flynnibus

    flynnibus Member

    I know this is a common topic - but I can not figure out what the real intention of the design is here.

    My user groups are basically like this..
    - unregistered
    - registered
    - special promotion groups
    - some restricted access groups (penalty box, limited access, etc)

    All users are members of registered, and I add them to special promotion groups when those users pick-up new permissions to other nodes.

    The user groups are setup so that registered users are granted the baseline permissions all users would expect.. posting, viewing, etc.

    Normally I would expect to make the permission changes at the node level. Normally I'd like to treat all forums as the default level.. and either remove some permissions or grant new ones based on the groups.

    My problem is because all users are members of 'registered users' - I have a very hard time making the forums how I need.

    Specifically if I want to make a forum specific to only a certain group - I must mark it 'Private' and then give specific permissions to the group in question.

    That works if I want ONLY that group to have permissions.

    But if I want a forum everyone has the ability to read.. but only certain users to post.. I can't make it work out. My default is to have a special access group, and grant them permissions via 'allow' on the node to that user group.

    But because I want to reduce the permissions of the general population, I use 'revoke' on the posting permissions of the group 'registered users'. I change the permissions on the node for the special access group to 'allow' for posting permissions. But because everyone is a member of 'registered users', even the special access users, the revoke on 'registered users' overrides the 'allow' permission granted by the special access group

    If posting permissions are granted to 'registered users' - a group everyone is a member of.. how can I remove that permission while NOT removing it for everyone?

    Either groups shouldn't be layered.. which obviously isn't the design given primary and secondary groups..
    Permissions really shouldn't be granted to user groups like 'registered users'.

    Can someone please paint a picture of how this should be setup?
  2. flynnibus

    flynnibus Member

    Maybe it's a bug?

    The user in question is part of 'registered users' which is set to revoke on this node. The user is also part of a second user group which has 'allow' set for the node. According to the manual, 'revoke' can be overridden. And my expectation is the 'allow' in the second user group should allow the permission.

    If I use the analyze permissions tool... it says the user account should be able post. The user actually has 'yes' for all the permissions listed in the analyze permissions tool for the node in question.

    But if I use 'test permissions' and use the simulation of the user... they can't post in the forum.

    So the analyze permissions and test permissions do not agree about the same user on the same node.
  3. Jeremy

    Jeremy Well-Known Member

    Never cannot be overridden, a revoke can be overridden using an explicit allow. If you send me ACP access, I'll look into it.
  4. flynnibus

    flynnibus Member

    I'm not using Never - I'm using revoke - which according to the manual can be overriden.
  5. flynnibus

    flynnibus Member

    According to this...

    the last sentance is exactly what I'm trying to do. The user is a member of two groups.. Group one has a revoke set on the node, but Group two has an Allow.

    I don't think the forum is actually working right if these allow/revoke are from multiple group memberships and being applied on the same node level.
  6. Jeremy

    Jeremy Well-Known Member

    As I said, your set up should be working. If you send me information I will look into it. Alternatively, you can use the analyze permissions tool to determine a root cause.
  7. flynnibus

    flynnibus Member

    As I said in my earlier post..

    I also tried with a dummy user because the test and analyze permissions tools were in disgreement.. and the dummy user follows the 'test permissions' result. No posting.

    So.. like I said.. analyze permissions is not matching what the forum actually allows for the user.

    I've opened a support case now because this is not adding up

Share This Page