Not planned Show/log permission changes caused by add-ons


Well-known member
Based on and my reply

I would love to see something to log the permission changes happening via the addon system.

Let's say you've created a premium membership and you want to confirm user A (promoted) can view and post in forum Y but user B (not promoted) cannot view or post in forum Y. This lets you do that.

And that's the point :)

What if I have 2 addons installed (e.g. an addon changing the view permission based on the age + e.g. an addon which allows you to create only 2 new threads per day)?

XF permission analysis would still show "YES" because of the general permission, but it would be NO for several users because of the addon code, right?

Where to search for the problem?
Some addons have their settings in the ACP options, some in the forum options form and some have their own ACP controllers. It can become a real nightmare... Especially if you have no clue what you're looking for. You just know SOMETHING isn't right here, and you have to deactivate 150 addons and activate them to find the problem.

That's why I as admin would love to see in the details window of the new permission analysis at least a notice: addon "X" is manipulating the return value based on XYZ...

What about an own Logger for this, which can/have to be used by addmins
// this is the addon code
public function canViewForum(array $forum, &$errorPhraseKey = '', array $nodePermissions = null, array $viewingUser = null)
{
    $parentReturn = parent::canViewForum($forum, $errorPhraseKey, $nodePermissions, $viewingUser);
    if ($parentReturn && false == $this->checkSomething()) {
        // the add-on overrides a permission the parent check granted
        XenForo_Model_PermissionChangeLogger::log('forum', 'canViewForum', 'addonX changed this based on ...', true);
        $errorPhraseKey = 'addonx_no_view_forum_perm';
        return false;
    }
    XenForo_Model_PermissionChangeLogger::log('forum', 'canViewForum', 'addonX could change this based on ...', false); // just a notice to show that it COULD change something
    return $parentReturn;
}

In the default frontend calls, nothing would happen; XenForo_Model_PermissionChangeLogger wouldn't log anything, for better performance.
If it's called via the ACP controller and the "permission <-> method" map, it would log the changes and show them in the details window.
1. => REAL VALUE would be shown
2. => it would be easier to see what changed the value
My idea is just a quick code snippet and I know it's not the perfect solution because addons would need to use this, but it would be a great start and help with debugging.
Upvote 0
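
A sketch of the logger proposed in the post above, as an added example that is not part of the original thread and not XenForo code. The class name `PermissionChangeLogger`, its `analyze()` method, the stand-in `canViewForum()` function and the age threshold are all assumptions; logging is a no-op on ordinary calls and only records entries while an analysis is running.

```php
<?php
// Hypothetical sketch of the logger proposed in the post; not a XenForo class.
final class PermissionChangeLogger
{
    private static $enabled = false;   // off for normal front-end requests
    private static $entries = [];

    // Run $check with logging switched on; return its result plus what was logged.
    public static function analyze(callable $check): array
    {
        self::$enabled = true;
        self::$entries = [];
        try {
            $result = $check();
        } finally {
            self::$enabled = false;    // never leave logging on after an analysis
        }
        return ['result' => $result, 'entries' => self::$entries];
    }

    public static function log(string $type, string $method, string $reason, bool $changed): void
    {
        if (!self::$enabled) {
            return;                    // no-op outside an analysis run
        }
        self::$entries[] = compact('type', 'method', 'reason', 'changed');
    }
}

// Constructed stand-in for an add-on override of canViewForum() (age limit is assumed).
function canViewForum(bool $parentReturn, int $userAge): bool
{
    if ($parentReturn && $userAge < 18) {
        PermissionChangeLogger::log('forum', 'canViewForum', 'addonX: user under minimum age', true);
        return false;
    }
    PermissionChangeLogger::log('forum', 'canViewForum', 'addonX: may deny based on age', false);
    return $parentReturn;
}

canViewForum(true, 16);   // front-end call: nothing is recorded

// Analysis call: the configured value was "yes", the add-on turns it into "no".
$report = PermissionChangeLogger::analyze(function () { return canViewForum(true, 16); });
printf("configured: yes, effective: %s\n", $report['result'] ? 'yes' : 'no');
foreach ($report['entries'] as $e) {
    printf("[%s] %s::%s - %s\n", $e['changed'] ? 'CHANGED' : 'notice', $e['type'], $e['method'], $e['reason']);
}
```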


Well-known member
Another not so powerful, but easier and faster to implement idea:

Addon coders could create their own "change notices" for the permissions, which will be exported & imported with the addon XML file.

Additional notice for "can create thread" permission: addonX can change this permission based on datetime/gender/location. You can find the settings here (link to forum options page).

And these additional notices would be shown inside of the analysis details... then people still wouldn't have the 100% true value, but they would at least know which addon is changing something.

Based on
No, that's different and we don't have anything that even enumerates those permissions as they don't map 1:1 with actual permission setups. (For example, we'd never check can view thread-like stuff without a thread, and this applies to many other permissions.)

But regardless, that's not really the general target of this.
It wouldn't work for all permissions, but it would be a good start to make debugging easier.