Duplicate Node-based integer permission does not become active

[Kirby]

Affected version

2.0.9

Steps to Reproduce

1. Set "Time limit on editing/deleting own posts" for usergroup Registered to Unlimited
2. Create a new user that is a member of Registered only
3. Set "Time limit on editing/deleting own posts" for usergroup Registered in a specific node to 30 Minutes
4. Analzye permissions for the user created in step 2) for the node configured in step 3)

Expected Result
Final permission is 30 minutes

Actual Result
Final permission is unlimited

 

[S Thomas]

AFAIR integer permissions take the biggest value, not the smallest.

 

[Kirby]

Yes, but there is only one value set for this group in this node: 30 minutes.
So this really should become active, it has been explicity set.

 

[S Thomas]

The default value for integer permissions is 0, so no clue why it shows up as unlimited.

Edit: No, wait, you're setting the Limit for Registered to unlimited explicitely:

Set "Time limit on editing/deleting own posts" for usergroup Registered to Unlimited

Hence obviously this will override any integer value.

 

[Kirby]

0 is not Unlimited

 

[S Thomas]

Yea, see the edit above. And unlimited is bigger than 30, even if its actual form value is -1. Node permissions do not ignore global permissions, they complement them. So you always have 2 permissions set when setting a node permission. There's a reason why the default node perm value is "inherit" and not a specific value.

 

[Kirby]

Yea, see the edit above. And unlimited is bigger than 30, even if its actual form value is -1.

Yes, but the behaviour seems inconsistent to me.

Edit own posts Global Yes, Node No

So this allows to give this usergroup in this node lower permissions (No) than it has globally (Yes).
However, I can't give them a lower time limit than globally.

 

[MaGeFH]

I agree, integer-based permissions should not be unified to the largest given inside one usergroup.

We are dealing with a hierarchical structure here. Any permission set (again for a single usergroup) is intended to work for that group on that node. Inside a single group, that value should work on that node. Anything else would be totally counter-intuitive.

When multiple groups are providing an interger-based permission for a node, then yes, the largest (the most permissive one) should win. But inside a single group, the most specific one should win.

 

[Chris D]

With integer permissions, the least restrictive value is used and there's no concept of priority as there is with normal permissions.

This has been reported previously and, well, our stance on it hasn't changed:

Integer values don't have the "priority" concept of regular permissions -- higher values simply have a higher precedence. As such, they can only be increased. A system of "distance" for content-level integer permissions could theoretically be used but that's a whole thing on its own and changes permission priorities.

 

[Kirby]

Although I disagree, this should at least be documented - maybe a notice on the permission page or smth.

 

[ehd]

Struggled with that, too. And there was nothing in the manual.