XF 1.1 Permission Content


Active member
I have some questions about permission contents... This is what I have right now:
I have a system I am designing for a client of ours:

1) We have classes, and those classes have "Memberships" they could be User Groups but the problem is from my understanding that User Groups are tied to the User itself, not as a system as whole.

The situation I have right now is this:

If User Bob is part of Class A and is a Leader of that Class that means he gets Leadership Usergroup access BUT he should NOT have access to Class B because hes not part of that class. But because of the UserGroup permission what can I do about this? I do not want to assign User Ids to a specific class because that can eventually become a hassle especially when we may have more than 50,000+ records in the future and having to rebuild the permissions for all that will be a hassle. I would rather create some sort of Membership with predefined settings that makes them part of that content group.

Would I need to modify just the xf_permission_entry_content table to add my own membership ID that represents the group that they can be part of or can I just use the User Group system they have and just create a "table" that represents what class they are part of? Which I have something like

class_id, user_id to table that tells me that the user id is part of that class, the permission would then just follow after that??? I just don't want to have to modify to much if I can help it as I am running into that issue now...

Also is the user_group_list in the xf_permission_combination tied to just the user_id itself or can I add another table like class_membership_list basically a list of membership that user is assoicated with, but the problem is just because he is part of Class A as an Leader for that Class he may be just a simple Student in another Class or not part of another Class...

So If the xf_permission_combination is tied as a system as whole rather than a specific content then thats what I need to know
Class members can be represented by groups. Class leaders can be assigned on a per user basis instead of with a group. You can assign permissions directly to individual users when editing specific nodes:

Admin CP -> Applications -> Display Node Tree -> Permissions

Screen shot 2013-01-13 at 3.56.55 PM.png

Or you can assign overall user permissions, not for a specific node:

Admin CP -> Users -> User Permissions
The thing we have is that there will be ton of classes that are created. I was using this method but ran into problems with rebuilding the caches all the time. Basically I have something like

Class Membership Roles that work similar to the user roles across the site, but the issue I have is trying to figure out how to use the current system without having to program a lot. I was going to just create a new Content Permission, and use User Groups and create a User Group for each "Class Role" I need, the problem is each Class can have their own permission settings, and not as a whole. I suppose I could just make it so that each Membership Role works as a whole then have a table that maps them from the class to the user and what role they are part of.

Because I cannot have a User have a Secondary User Group that represents Leadership Role in all classes, when he should only have leadership role in a single class and could be part of another class but not have leadership role if this makes sense?

John Smith is part of Class A with Leadership Role
John Smith is not part of Class B
John Smith is part of Class C but with Student Role, he should NOT have Leadership Role access just because he is part of the Leadership Role User Group

I don't want to have to assign a permission role directly to his user because what if I have one class with 100+ students? Each time I have to update permission for a single user, or for a class as whole will cause a small delay. There will be more than 1 class, we anticipated over 50,000 classes will be made
The thing we have is that there will be ton of classes that are created. I was using this method but ran into problems with rebuilding the caches all the time ... we anticipated over 50,000 classes will be made

The current permission system can't handle that many groups. As you said, you will run into problems rebuilding the permission cache. You will need a new system to handle class access. This would be a paid request:

Okay hopefully Kier or one of the developers could let me know if I was right on this or not.

From my understanding xf_permission_entry is tied to the specific user or usergroup for the entire "Site" as a whole. For example user_group_id 2 (Registered User by default) that has permission_group_id "avatar" with permission_id "allowed" permission_value "allow" means that a USER within that USERGROUP has permission to upload an avatar.

Where xf_permission_entry_content is tied to a specific "CONTENT" such as a NODE and if your USER GROUP 2 is part of that permission set but its set to deny or something of this sort it means that user will not have permission because they are part of that user group. NOW it will from my understanding it will check to see if the permission exists within the xf_permission_entry table first if that fails then it will check the xf_permission_entry_content???

The part that I am still confused is HOW the xf_permission_combination method works?

From my understanding I could just create a table that could be something like <prefix>_permission_class_entry that works similar to the xf_permission_entry_content, replace the user_group_id with like class_membership_id, remove content_id and content_type and make class_id but keep the user_id so that the layout is the same method.

FROM there I would use the <prefix>_class_membership_user table which contains the class_membership_id, class_id, user_id, permission_cache and basically I could rebuild the permission cache by checking to see if a USER exists in this table and get their membership ID for that specific class.

So in my mind I am kinda of replacing



Class Membership
Top Bottom