XF 2.1 Permission Inheritance

marshreef

Member
For the life of me I cannot figure out why this is not working. Hoping someone can point out what I'm doing wrong.

We have two user groups. One is the default registered group that everyone goes in. The other is a supporting member group that users pay to be part of.

One of the things that supporting member upgrade allows is posting in our buy sale trade section.

The parent node is called Marshian Market Place and then there are child nodes under it.

I have Post New Thread set to yes in Marshian Marketplace for both Registered and Supporting Member.

Then set to No for Registered in the child node and set to Inherit for Supporting Member in the child node.

So the supporting member should be able to post but they are seeing this: "You have insufficient privileges to post threads here."

I can go in and change Post New Thread to Yes for the support member and that works but kind of defeats the purpose of inheritance...



When I analyze the permissions for this node and a supporting member this is the result:

Post new thread
No (Details)
Registered Yes
Supporting Member Yes
test-usergroup No
MARSHian Marketplace - Registered Yes
MARSHian Marketplace - Supporting Member Yes
-- Coral & Livestock Selling/Trading (WTS/WTT) - Registered No

Here are some screen shots:
1573927222321.webp

1573927305068.webp



1573927330704.webp

1573927377715.webp

1573927401015.webp
 
It looks okay, but I think I know what the problem is:

Inherit is the lowest priority permission value.

see. This means:

No + Inherit = No

(As the user would be in the registered usergroup (NO) and in the supporting one (Inherit).)

What you need is this which you already found out:

No + Yes = Yes.


However I think your approach is still not the best one (but a working one).

I have Post New Thread set to yes in Marshian Marketplace for both Registered and Supporting Member.
Because you don't need to do this, if globally in the usergroup settings you gave the permission to post a new thread for the registered group.
Automatically for all nodes all people will be able to post a new thread. You don't need to go to every node and set it to yes again, like you did for this node.
Just give the permission once in the main global usergroup.
Then go to the child node (Coral and Livestock), set "no" for registered (now nobody will be able to post a new thread there) and put a "yes" for your support group (and admin/mod group if you wish).
 
First of all I'd simplify the permissions:

Are any of those permissions currently set to a value other than Inherit that is the same as the permissions that usergroup has on the parent node (or in general if there is no parent node)?
If so, you should set them to Inherit; only set those permissions you really need to change for a node.

If I understand your intention correctly you've got MARSHian Marketplace > Coral & Livestock Selling/Trading (WTS/WTT) and you do not want Registered to be able to post new threads there but do allow this for Supporting Members.

If this is your intention you only need to set those two permissions, e.g. Post New Thread = No for Registered and Yes for Supporting Members, and leave everything else at Inherit.
 
It looks okay, but I think I know what the problem is:



see. This means:

No + Inherit = No

(As the user would be in the registered usergroup (NO) and in the supporting one (Inherit).)

What you need is this which you already found out:

No + Yes = Yes.


However I think your approach is still not the best one (but a working one).


Because you don't need to do this, if globally in the usergroup settings you gave the permission to post a new thread for the registered group.
Automatically for all nodes all people will be able to post a new thread. You don't need to go to every node and set it to yes again, like you did for this node.
Just give the permission once in the main global usergroup.
Then go to the child node (Coral and Livestock), set "no" for registered (now nobody will be able to post a new thread there) and put a "yes" for your support group (and admin/mod group if you wish).

First of all I'd simplify the permissions:


Are any of those permissions currently set to a value other than Inherit that is the same as the permissions that usergroup has on the parent node (or in general if there is no parent node)?
If so, you should set them to Inherit; only set those permissions you really need to change for a node.

If I understand your intention correctly you've got MARSHian Marketplace > Coral & Livestock Selling/Trading (WTS/WTT) and you do not want Registered to be able to post new threads there but do allow this for Supporting Members.

If this is your intention you only need to set those two permissions, e.g. Post New Thread = No for Registered and Yes for Supporting Members, and leave everything else at Inherit.

So it's actually a little more complicated...
In Marshian Market Place there are actually seven child forums

MARSHian Marketplace
--Sponsor Livestock and Equipment Sales
--Used Equipment Selling/Trading (WTS/WTT)
--Coral & Livestock Selling/Trading (WTS/WTT)
--Want to Buy (WTB/WTT)
--Free Stuff - No WTB or WTS
--Non-Hobby Related Selling/Trading
--BST Archive

There are several user groups in play
Registered
Supporting Member
Lifetime Member
Sponsor
BoD (board of directors)

So what I was trying to avoid was setting permissions at every individual node under Marshian Market Place for every different user group. Using this as my permission template.

I was thinking based on
Permission for Parent Node + Permission for Child Node = Final Permission for Child Node
Yes + No = No
Yes + Inherit = Yes

1574012780923.png

Where Y=Yes, N=No, I=Inherit

=================================================================
Supporting Member: Post new thread = Yes for marshian market place
Supporting Member: Post new thread = Inherit for Coral & Livestock Selling/Trading (WTS/WTT)

I was thinking:
Yes higher node + Inherit child node = Yes but apparently not.

==================================================================
Registered: Post new thread = Yes for marshian market place
Registered: Post new thread = No for Coral & Livestock Selling/Trading (WTS/WTT)

This one seems to work so I'm assuming here Yes higher node + No child node = No
Probably because it's directly set to no in child node.
==================================================================
 
Your screenshot is confusing and not good as it is right now.

Give me please a new screenshot for your table where everything is empty and then put a "Y" which groups you want to be able to post a new thread in which node, like your first row where for all 5 you said "Y". Don't put any "N" or "I", I will tell you that after your new screenshot.
 
Also for ACP -> Groups & permissions -> User groups -> Registered

What is the post new thread permission for this usergroup? Is it set to yes?
 
Also for ACP -> Groups & permissions -> User groups -> Registered

What is the post new thread permission for this usergroup? Is it set to yes?

Yes it is.

Marshian Marketplace is a Category Node, the others are Forum nodes.

1574082102766.png

So other than the category node being set to Y/yes what I was trying to avoid is going to each child node/usergroup and explicitly setting it to Y by using inheritance. I was hoping that by leaving it on I/inherit, it would inherit that Y/yes from the category node. Then I would only have to explicitly set to N/no the ones that I did not want to post in a particular forum.
 
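Node    | Re | Su | Li | Sp | Bo
Ma Ma   | I  | I  | I  | I  | I
--Sp Li | N  | I  | I  | Y  | Y
--Us Eq | N  | Y  | Y  | Y  | Y
--Co Li | N  | Y  | Y  | Y  | Y
--Wa to | I  | I  | I  | I  | I
--Fr St | I  | I  | I  | I  | I
--No Ho | I  | I  | I  | I  | I
--Bs Ar | N  | I  | I  | I  | Y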
 
I am on my phone right now, so i made this table quick.

Assuming everyone is in the registered group, which should be the case for every xf forum normally, then this is the way it should be done.
 
When I analyze the permissions for this node and a supporting member this is the result:

Post new thread
No (Details)
Registered Yes
Supporting Member Yes
test-usergroup No
MARSHian Marketplace - Registered Yes
MARSHian Marketplace - Supporting Member Yes
-- Coral & Livestock Selling/Trading (WTS/WTT) - Registered No
An explicit permission in a forum will override an inherited permission from a parent category.

So the No for the registered user group in the trading forum overrides the inherited Yes for the supporting user group in the parent category.
 
An explicit permission in a forum will override an inherited permission from a parent category.

So the No for the registered user group in the trading forum overrides the inherited Yes for the supporting user group in the parent category.

Thank you. I'm sure that is why the "no" in the child is working as expected.

But I'm not understanding why the below isn't working.

Supporting member is an upgrade from the default Registered (Guest) account.

Supporting Member: Post new thread = Yes for marshian market place (parent - category node)
Supporting Member: Post new thread = Inherit for Coral & Livestock Selling/Trading (WTS/WTT) (child - forum node)

I was thinking:
Yes higher node + Inherit child node = Yes at child node, but apparently not?
 
I was thinking:
Yes higher node + Inherit child node = Yes at child node
That is correct. However, you are forgetting that the same user is also in the registered usergroup at the same time for that specific case. And from that the user gets the overall "NO".
And Brogan tried to explain to you that your setting a "no" overrides the permission inherited from a parent category.

No + inherited Yes = No.

My table from above is the correct and best way to do it with that number of usergroups.
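
The rules stated across this thread, as a small Python model added here for illustration (not XenForo's code and not written by any poster): a permission is combined across all of a user's groups at each level with Inherit lowest and Yes beating No, and an explicit result on a node overrides what was inherited from above. The function names and data layout are assumptions; the groups, nodes and values are the ones in the first post's analysis output.

```python
# Added illustration: a simplified model of the rules described in this thread,
# not XenForo source code. Only the three values discussed here are modelled.
YES, NO, INHERIT = "Yes", "No", "Inherit"
RANK = {INHERIT: 0, NO: 1, YES: 2}  # Inherit is lowest; No + Yes = Yes

def combine(values):
    """Merge one permission across all of a user's groups at a single level."""
    return max(values, key=RANK.__getitem__, default=INHERIT)

def resolve(user_groups, levels):
    """levels: [(name, {group: value})] ordered from global down to the node.
    Returns (final, trace) where trace rows are (level, combined, running)."""
    running, trace = INHERIT, []
    for name, settings in levels:
        combined = combine([settings.get(g, INHERIT) for g in user_groups])
        if combined != INHERIT:
            running = combined  # an explicit value overrides the inherited one
        trace.append((name, combined, running))
    return (YES if running == YES else NO), trace

def masked_by(user_groups, levels):
    """Groups whose explicit No on the last level turns an inherited Yes into
    No for a user who is also in a group left at Inherit there."""
    above, _ = resolve(user_groups, levels[:-1])
    here, _ = resolve(user_groups, levels)
    node_settings = levels[-1][1]
    if above == YES and here == NO:
        return [g for g in user_groups if node_settings.get(g, INHERIT) == NO]
    return []

# Values from the first post's "analyze permissions" output for Post new thread.
FORUM = "Coral & Livestock Selling/Trading (WTS/WTT)"
BASE = [
    ("User group permissions", {"Registered": YES, "Supporting Member": YES}),
    ("MARSHian Marketplace", {"Registered": YES, "Supporting Member": YES}),
]
AS_POSTED = BASE + [(FORUM, {"Registered": NO})]  # Supporting Member = Inherit
FIXED = BASE + [(FORUM, {"Registered": NO, "Supporting Member": YES})]
MEMBER = ["Registered", "Supporting Member"]  # upgraded users stay in Registered

if __name__ == "__main__":
    for label, levels in (("as posted", AS_POSTED), ("fixed", FIXED)):
        final, trace = resolve(MEMBER, levels)
        print(label, "->", final, "| masked by:", masked_by(MEMBER, levels))
        for row in trace:
            print("   ", row)
```

Running `masked_by` over every restricted node and every paid or staff group is a quick audit for access that a secondary group was meant to keep but lost to a No on the default group.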
 