XF 1.2 Permission Analysis

Permissions in XenForo are very powerful. However, this can also create confusion, especially if you are just getting to grips with the concepts in XenForo's permission system.

The biggest challenge is often determining why a user has (or doesn't have) a permission. XenForo 1.2 adds a permission analysis system to help you determine this.

Using it is very simple:

First, you can choose whether you just want to look at global (user group and user) or node permissions. Global permissions still factor into node permissions, so I'm just looking at the latter here.

Then you enter the user you want to check the permissions for and--if you're checking node permissions--the node to check. After submitting the form, you'll be given a list of all of the permissions with the final, calculated yes/no/integer values displayed:

Each of these can then be displayed with the "details" link showing you exactly what is contributing to that.

Looking at the "view node" permission, the final value is yes, but you can see that I revoked viewing for registered users but then re-allowed it for admins. Note that we're actually looking at the permissions for "main forum" here. These changes were on the category, but because the permissions bubble down, they're relevant here.

Conversely, for "post new thread", it's revoked for registered users at the "main forum" level itself, but nothing overrides that so it's still no.

Now I can quickly see what the permissions are for a particular user and, if they're wrong, diagnose it and change them as necessary.

 

[xf_phantom]

But regardless, that's not really the general target of this.

I see. I've misinterpreted this:/

 

[Chris D]

You think too much in the mind of an add-on developer

Just think about it on a basic level. Regardless if there's a function that evaluates a permission and then overrides it based on some other criteria, most of the time that isn't even important.

Think about it from a forum admin point of view.

Let's say you've created a premium membership and you want to confirm user A (promoted) can view and post in forum Y but user B (not promoted) cannot view or post in forum Y. This let's you do that.

 

[Ryan89]

Thanks Mike! Thats awesome. And now, please confirm a Online/Offline indicator

 

[Renegade]

Very nifty indeed. So many times I find myself struggling to find out what went wrong with this user in this forum.

 

[Melvin Garcia]

very nice work Mike

 

[DRE]

I'm on a computer to take a second look and now it looks even more confusing. I'll probably never use this.

 

[yavuz]

This is a nice addition. About permissions; our challenge with our huge node present, it's tricky to set up nodes expecially if you have a lot of usergroups as well. I miss a feature where you can inherit another nodes (or usergroups) permission set. This saves a lot of time (and nerves).

I hope somewhere down the line a similar feature gets implemented in XenForo.

 

[Morgain]

Thanks Mike - I remember working out a grid analysis for this which I proposed here, but I;m sure what you;ve done is sleeker. Will save us earthlings a lot of painful effort.

I'm on a computer to take a second look and now it looks even more confusing. I'll probably never use this.

Courage DRE it looks like the kinda thing will make sense when we play with it. After all it's only an observation tool so it wont hurt anything.

inherit another nodes (or usergroups) permission set. This saves a lot of time (and nerves).
I hope somewhere down the line a similar feature gets implemented in XenForo.

Yes I would like a Node Inherit too.

 

[Eagle]

Very nice

 

[John L.]

Crossed my fingers for a widget manager, but this is pretty cool too. Thanks Mike!

 

[Omar Adel]

really i see many scripts over the internet, xenforo is the best
i really congratulate you about this great work.
i will make a new site i'm think about it's idea from several months and will work with xenforo script.
i think if you look more in the user privacy and increase it's options will be more better
thank you very much and keep on good work.

Omar

 

[jerremy]

I already expected that there would be a new 'have you seen'. Very nice to see it daily now

 

[Carlos]

This is quite a nice feature. Just a question? If I turn off one or two features for a particular usergroup, will the overall "result" become a "No" in this area?

I understand the permissions, but sometimes, the permission system has results that come out differently than what the admin thinks.

 

[Roach]

Very, very useful tool here! Thank you.

 

[Chris D]

This is quite a nice feature. Just a question? If I turn off one or two features for a particular usergroup, will the overall "result" become a "No" in this area?

I understand the permissions, but sometimes, the permission system has results that come out differently than what the admin thinks.

Unfortunately then, you don't understand the permissions system.

Whenever I use it I'm always certain of the expected outcome.

 

[psTubble27]

Great, Mike. How does this correlate with the "Test Permissions" feature?

http://xenforo.com/community/threads/issue-with-test-permissions-in-admincp.50407/

 

[Morgain]

Unfortunately then, you don't understand the permissions system.
Whenever I use it I'm always certain of the expected outcome.

Chris that;s the difference between you and merely human admins Actually if you're a dev you probly deal with permissions quite often. For an ordinary admin it's something you might revisit only once or twice ayear or less - making it hard to remember how it works and how you set it up.
Which is why this feature will be a blessing to the humble masses.

 

[Teapot]

Chris that;s the difference between you and merely human admins Actually if you're a dev you probly deal with permissions quite often. For an ordinary admin it's something you might revisit only once or twice ayear or less - making it hard to remember how it works and how you set it up.
Which is why this feature will be a blessing to the humble masses.

Agreed. Although I understand the permissions system and how to wrangle it, my co-admins don't - which is why this feature will be so useful to have. They can non-destructively investigate permissions and learn how the system works simply and easily.

 

[Liam W]

This is a nice feature

Will be helpful when people are learning the xenForo permission system

 

[patrig]

Very, very good. Thanks.