XF 2.1 Node Permissions query

RallyFan

Just reading through specifics on Node Permissions, and note how you can create Private Nodes as well.

SCENARIO: Staff Area node only to be accessible by Admins and Moderators.

SCENARIO 1: Category Node - marked as private node with only Admins and Moderators having access, and everyone else marked as Inherited.
SCENARIO 2: Category Node - all user groups set to NO, with the exception of Admins and Moderators (Inherited).

Am I correct in stating that both scenarios achieve the same goal, yet there is a risk with Scenario 2 that a user group may not have permissions set to no, and end up exposing that category node?
 
Let's say your admin/moderator only forum is named Staff Only:

Node permissions->Staff Only->Registered: View node set to No
Node permissions->Staff Only->Unregistered / Unconfirmed: View node set to No

If all your Admins belong to the Moderating group as well as the administrative group then:
Node permissions->Staff Only->Moderating: View node set to Yes

If all, or some, of your admins do not belong to the moderating group:
Node permissions->Staff Only->Administrative: View node set to Yes

All other groups should be set to Inherit (that's the default setting, so other user groups' View node does not have to be set to No as the registered group already is).
 
I believe a private node is more foolproof, in the event you create a new user group and forget to change permissions.
I figured that's what it would be.

One is potentially dangerous, the other is foolproof.

Regarding Scenario 2, I think I read somewhere that if they somehow get the actual URL then they can see the node. All staff nodes should be set to private.
Just tested and this is not the case.
 