So I finally figured out the XenForo permissions system
- Thread starter Code Monkey
- Start date
Moshe1010
Well-known member
I still can't see how that is different. Can you give a specific example?
Wildcat Media
Well-known member
I can't help on vB examples anymore--even after using their permission system for several years, I still was never fully comfortable with it. It was a haphazard system to me, and so tedious to use that I dreaded having to work on permissions at all...
Code Monkey
Well-known member
I got it when I looked at it in human terms. We are all human, no matter what else we add onto our lives this is what we are at the basic level. Now when I conquer the world I am merely adding the world conqueror usergroup to my life as a human. I'm still human underneath but I am now afforded more privileges over my human condition because I have the world conqueror usergroup status in addition to my basic status as human. Now I can add more things on top of my humanity that change things. I can join the great lover group or the hansom guy group. All things that afford me additional privileges over and above my basic humanity.
Now I can get overthrown and suddenly have the imprisoned usergroup assigned that would grant me less access than my basic humanity group. Even worse I can have the beheaded usergroup added at which point I am banned from humanity.
So it is with XenForo. A new member arrives in our forum world and they register and confirm. They now have their basic forum given rights and privileges in the registered usergroup. Every member is in this group just like we are all human. Now if they make a few posts and seem to be legit we can add more privileges by adding another more privileged group on top of their basic registered status. And if they stick around and post a bunch we can give them more toys by adding another group with more toys. If we want them to moderate a topical forum or such we can add the moderator group. And if they are so great and we trust them a lot we can add the super moderator group and let them loose on the whole site. Now if one member is trusted but doesn't want to mod but is great a back-end stuff such as mod coding or styling, we can add the admin group on top of their registered status.
I hope this all makes sense.
The problem with vBulletin was that when I wanted to change someones privileges I had to move them from the human group to the Klingon group or such. And eventually, you just end up with the bar scene from star wars and it can get confusing who is what and it's a nightmare to undo.
I hope that helps. It gave me a headache.
Jeremy
in memoriam 1991-2020
It's been years, but as I remember it, primary > secondary.
XenForo applies equal weight to all groups + nodes to determine permissions.
EQnoble
Well-known member
Love it.
Moshe1010
Well-known member
I got it when I looked at it in human terms. We are all human, no matter what else we add onto our lives this is what we are at the basic level. Now when I conquer the world I am merely adding the world conqueror usergroup to my life as a human. I'm still human underneath but I am now afforded more privileges over my human condition because I have the world conqueror usergroup status in addition to my basic status as human. Now I can add more things on top of my humanity that change things. I can join the great lover group or the hansom guy group. All things that afford me additional privileges over and above my basic humanity.
Now I can get overthrown and suddenly have the imprisoned usergroup assigned that would grant me less access than my basic humanity group. Even worse I can have the beheaded usergroup added at which point I am banned from humanity.
So it is with XenForo. A new member arrives in our forum world and they register and confirm. They now have their basic forum given rights and privileges in the registered usergroup. Every member is in this group just like we are all human. Now if they make a few posts and seem to be legit we can add more privileges by adding another more privileged group on top of their basic registered status. And if they stick around and post a bunch we can give them more toys by adding another group with more toys. If we want them to moderate a topical forum or such we can add the moderator group. And if they are so great and we trust them a lot we can add the super moderator group and let them loose on the whole site. Now if one member is trusted but doesn't want to mod but is great a back-end stuff such as mod coding or styling, we can add the admin group on top of their registered status.
I hope this all makes sense.
The problem with vBulletin was that when I wanted to change someones privileges I had to move them from the human group to the Klingon group or such. And eventually, you just end up with the bar scene from star wars and it can get confusing who is what and it's a nightmare to undo.
I hope that helps. It gave me a headache.
I know how it works in XenForo, but I still can't see how it's useful to make a mess (IMO), and start building user's permissions one on another.
What if you forget what X user group had more than Y user group if you have 15 different user groups? how then it's useful?
My permission groups are fixed, and rearly I touch them. It makes no sense for me to start adding subgroups to an admin or a moderator because now he's higher in his or her ranking --> I just make one admin user group with all the permissions of user + moderator and just put this admin in this one primary group and deal done. What can go wrong with this move? I don't set any permission to "never", so no permission can be overwritten on another. I did that on my board and it works great, exactly as I had in my vBulletin board,; so I really can't see how adding subgroups to a user makes your life easier. Maybe it's because it's new for me and I haven't played with that too long, but anyway, it's working for me so I guess it's a matter of preference.
Code Monkey
Well-known member
Well if you want to remove someone from moderator status your way means I have to move them to another usergroup. With XenForo you just uncheck the moderator group and it's done. All other base permissions are still intact. Seems like a simple approach to me.
Moshe1010
Well-known member
I'm moving him from Moderators group to Registered user group, how is that different than checking on or off lol?
Code Monkey
Well-known member
What if that person is also a news author that has permission to post news. And also a site donor with access to a donor forum. Each thing is it's own thing without having to deal with the whole everytime a persons status changes.
Code Monkey
Well-known member
It's probably best not to think of them as usergroups anymore as permission groups is more precise of a term.
Moshe1010
Well-known member
Then I put this user in these groups, and add secondary groups as needed. I don't have this kind of layout, so I guess i'm out of the XF "unique" permission game.
I stick to the basics:
Supe Admins
Moderators
Honor Users (same as registered just have a permission to read articles before anybody else + have a user banner)
Registered Users
Payed users (automatically added to a secondary group of "perviously paid users to review their thread after their subscription is over).
That's it.
Code Monkey
Well-known member
So all those groups duplicate some of the same permissions. It's a mess to keep track of.
Moshe1010
Well-known member
Why does it matter if you have duplicated permissions? It doesn't do any harm. The only conflict I can see at my layout is permissions overwrite, which would never happend as I said before because I don't use the "NEVER" option in any of my user groups.
Code Monkey
Well-known member
If it doesn't matter to you then you'll be happy with it. But doing it the vb way caused nothing but problems and issues for me on XenForo. Now it's all straightened out and I can trust anyone I allow to work with it to understand the system and make changes.
I came up with another analogy while eating my late dinner after another 13 hour day.
In XenForo you can think of the Registered usergroup as a big round pizza dough. And all the other groups as the individual toppings I want added to make different pizzas. So if I want user a to be an olive and pepperoni pizza I just add olives and then I add peperoni. All the pizzas I can ever want all have pizza dough so that is all covered by the registered group. No need to duplicate that effort.
Now I am hungry again.
I still think the whole problem with grasping this in XenForo is using the term usergroups. That should be changed to permissions group or even better would be access masks. Because that's what they are. You are not adding users to groups in XF , you are adding access masks to users.
I came up with another analogy while eating my late dinner after another 13 hour day.
In XenForo you can think of the Registered usergroup as a big round pizza dough. And all the other groups as the individual toppings I want added to make different pizzas. So if I want user a to be an olive and pepperoni pizza I just add olives and then I add peperoni. All the pizzas I can ever want all have pizza dough so that is all covered by the registered group. No need to duplicate that effort.
Now I am hungry again.
I still think the whole problem with grasping this in XenForo is using the term usergroups. That should be changed to permissions group or even better would be access masks. Because that's what they are. You are not adding users to groups in XF , you are adding access masks to users.
If you ever add on a group, you have to make sure it has the permissions, if you add a node with special permissions you have to set it up for all the groups. I spent some time doing my permissions right, and now it takes me 2 minutes to set up a higher tier promotion, I just create the group and check off the permission escalation, and it is done.
Also, if you want to change a permission, you just go in to the group that sets it, instead of having to update it in every single group. Setting up groups with full permission sets are more work over time if you are changing things, setting it up correctly in xF is more work initially only, but way easier to maintain. But whatever floats your boat.
Also, if you want to change a permission, you just go in to the group that sets it, instead of having to update it in every single group. Setting up groups with full permission sets are more work over time if you are changing things, setting it up correctly in xF is more work initially only, but way easier to maintain. But whatever floats your boat.
I can add or remove a base permission to all 20 groups by changing it in a single group.
You can't.
Moshe1010
Well-known member
The last time I created a group or a new node was 2 years ago. I can sacrifice to edit 6 user groups and their permissions when I open a new node, then adding subgroups every time I add or remove a user.
I don't have 20 groups; I have 7.
So I win
Code Monkey
Well-known member
I have Pizza I win.