XF 2.2 Permission Issues

Peace7904

New member
Hello, recently my group has updated to Xenforo 2.2. With the update, it seems an issue arose with Secondary Group permissions overriding Primary group on nodes. An example is I have a Primary Group called B that has full forum and moderator permissions and a Secondary Group called S that has permissions set to No on specific nodes. Even when my Primary Group is set to B, I am denied access to said node due to having S as my Secondary Group. I also have Forum Super Admin so I am able to cross check and adjust perms as needed which is how I was able to discover this to be the issue. Any help would be appreciated!
Ps: this was not an issue prior to updating to 2.1.2
 
Last edited:

Mike

XenForo developer
Staff member
There is no concept of the primary user group overriding secondary groups. Regardless of group, the permission value with the highest priority wins:


You should use the analyze permissions system to determine how the permissions are being calculated.

I can only guess that it worked before upgrading because something interfered with the permissions being rebuilt for a change at some point in the past. We've seen this with some add-ons before. The 2.2 upgrade would've triggered a permission rebuild based on all of the data in the DB.
 

Peace7904

New member
My apologies, forgot to post the correct version as I was misinformed which we were running. The correct version is 2.1.11 which I was told was just a security update. The person who updated it gave me the wrong version by accident.

An example of what is happening, my primary group is Director, and my secondary group is Donor

Director has all forum and moderator permission
Donor has basic forum permissions and no moderator permissions.

For our Annoucnement node and its Parent Node General Information:
Donor perms are set to Post thread: No with Post replies Yes and the rest are inherit
Director perms are set to Inherit

For our Staff node which is a Parent Node:
Donor perms are set to View Node: No
Director perms are set to Inherit for all

In this case, I am denied viewing the node entirely when Donor is my secondary group.

The Analyze permissions stated I am denied Access to the Staff node when I have the Donor secondary group but when I remove it I am able to access it again.

Just checked, Director Display Priority is 900 and Donor is 0
 
Top