Add-on User Group Permissions Manager

Floyd R Turbo

I use an Excel spreadsheet that is full of formulas and conditional statements to provide me an at-a-glance view of all the permissions that I have set for all my usergroups. In my particular instance, all of my usergroups are stacked, meaning that if I have usergroup A B C D E, then users in group D are also part of group A B C. So my spreadsheet works for me, but it would not work right if users in group D were not in either B or C or both. I suppose I could make that work but it would get complicated and I don't need that.

But the idea got me thinking of an addon that would be *very* useful for managing permissions across multiple usergroups.

What I am thinking of is an add-on that would allow me to see all the user group permissions in side-by-side columns on the same page, instead of looking at them one page at a time. If this is difficult to visualize, I have attached a copy of my spreadsheet - it's not the exact one but it gives you an idea.

So this add-on would be able to do a few things. First of all, it would be interactive, meaning it would let you "test" certain permissions combinations (without actually setting them), but would give you the option to set them, both individually and as a whole, and also to "revert" your selections back to the current setting, again both individually and as a whole. You would also be able to check a box for each user group which would allow you to select which usergroup permissions settings would be included in the calculation.

Here is a cut & pasted together example of what it might look like. For simplicity, only 3 user groups are shown (and the "result" column does not show what the result would actually look like, it is just a cut/paste of the last column).

Permissions.webp

The REVERT check box should be a button. Too tired to re-do it.

I included the display styling priority also. In this case, one might be able to adjust these, save all, then reload the page to reorder the priority (or maybe this is automatically figured in when you click "calculate").

Not sure how "possible" this would be to do within XF ACP in a situation where someone had a large number of user groups defined. But I know that you can export and import user group permissions, so this might be something that would only be able to be done with a stand-alone program or a separate script.

So what do you addon writers think - is this possible?
 


I think it would solve more issues than it would cause, otherwise I don't think it would be worth it.

I would venture to guess that most people who are familiar with forum administration or have a decent amount of experience would not really have a heavy need for such a tool, because they would have probably done what I have done, maybe on paper or via a series of permissions testing.

This is really a more useful tool for people who are a bit newer and might not have a firm grasp on permissions and how they work in XF. It's almost more of a training tool than anything else but could be used to vet out a particular permission setting that is not working as intended.

It would also come in extremely useful in a situation where a user was part of A and E but not B C and D, so permissions set in B C and D would not apply or be inherited.

This could become the case where someone was removed from a particular group for one reason or another, and this might have an adverse or unintended consequence. Such a tool would allow the admin to foresee potential problems with various promotions or demotions.
 
I totally agree with you on this. I had lots of problems going back and forth while adding new permissions for various user groups when I was setting up my forum. It could be something a forum owner installs when setting up his forum.
 
Yup...I still use my spreadsheet which works pretty good, but would be really nice to have an addon to take care of it in ACP
 
This thread is in the Resource and Add-on Requests sub-forum, so, no. Please "like" the OP if you would like to see this as an addon
 
Agreed; this would be fantastic. We have SO MANY usergroups that it is incredibly difficult to manage.
 
What I really wish is for proper hierarchical groups.

That is, you make User Z a member of Group C, and Group C itself is a member of Group A & Group B. Then User Z automatically picks up membership of Group A & Group B.

This would simplify management a bit, as you would only deal with leaf 'role' groups and not directly with 'rights' groups.
 
Having a bit of insomnia so I finished up my revised permissions manager spreadsheet for one of my forums. Figured I would share it, someone else might find it useful if only for playing around and seeing how permissions build on each other.

I pulled data from table to build the guts but this isn't required.

Anyone could copy/paste a row and rename it for the permission

Adding/deleting columns is where it needs rework, you can just "ignore" columns but if you have more than 11 user groups that stack then you gotta mod a few things (but it's not hard to figure out)

top 3 rows are for reference only, no calcs depend on these

4th row, enter "y" if the member you are analyzing is part of the group, anything else is treated as "no"

Permission values are blank = No (not set), "deny" = Never, "Allow" = allow. These are converted to numerical values of 0, 1, 2 in the next column (if part of group)

Column G, place "use_int" if the permission is value based. "unlimited" is = -1 for this permission.

Last 4 columns are the magic. What I do is simply multiply all the values, if it's zero, it's "denied" (a "never" no - now you can ferret these out), if it's 1 then there are no nevers and no allows so it's just a "no", if it's more than 1 there is at least one allow and no nevers so "yes"

Value based permissions are 2 steps, a max and min calc then if the min is -1 there is an unlimited, otherwise it's the max.

So far it works perfect.
 


Addendum: I had a thought that this might not quite be right because the styling priority isn't taken into account, but it turns out that does not matter at all when it comes to permissions. As long as there is an "allow" and not a "never", any "no (not set)" is simply ignored, so it works. I checked the permissions tables and if you have a permission that has "no (not set)" in every single user group, or a value setting that is zero in every set, the permission doesn't even show up in the table.

The only perms that show up in the table and actually get taken into account are: value unlimited (-1), value not zero, allow, deny. After realizing this, it all makes perfect sense.


Addendum #2: adding columns for additional permissions groups is actually rather easy the way I have this set up.

1) copy any column pair (the setting column plus the one to the right) and insert before the "result" column. repeat as needed before the next step.

2) In the first calculated value cell of Result (in this case, AD6), edit the cell and add the appropriate cells for the new column(s) to the multiplier list.

3) in the Min and Max columns, same thing (add the same cell to the list)

4) no mod needed to NUMBER column

5) copy those 3 cells in which you just modded the formula and paste them down through the entire column. You can avoid the light orange rows if you want it to stay pretty, but filling those in does nothing (since the NUMBER column formula is missing in that cell)

You're welcome
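
The multiply-the-values rule and the min/max rule from the spreadsheet post above, written out as an added Python example (not part of the thread and not XenForo code). The 0/1/2 encoding is inferred from the rule that a zero product means "never"; the group names, permission names and the `membership_impact` helper are hypothetical, and the sample matrix is constructed.

```python
from math import prod

# Encoding inferred from the multiplication rule in the post: "never" zeroes
# the product, "not set" is neutral (1), "allow" pushes it above 1.
FLAG = {"deny": 0, "": 1, "allow": 2}

def effective_flag(per_group, groups):
    """Combine one flag permission over the groups a user belongs to."""
    product = prod(FLAG[per_group.get(g, "").lower()] for g in groups)
    if product == 0:
        return "never"          # at least one "never" wins outright
    return "yes" if product > 1 else "no"

def effective_int(per_group, groups):
    """Combine one value-based permission: -1 (unlimited) wins, else max."""
    values = [per_group.get(g, 0) for g in groups]
    if any(v < -1 for v in values):
        raise ValueError("value permissions must be -1 (unlimited) or >= 0")
    if not values:
        return 0
    return -1 if min(values) == -1 else max(values)

def effective(matrix, groups):
    """matrix: {permission: {"use_int": bool, "groups": {group: setting}}}"""
    out = {}
    for name, row in matrix.items():
        combine = effective_int if row["use_int"] else effective_flag
        out[name] = combine(row["groups"], groups)
    return out

def membership_impact(matrix, before, after):
    """Permissions whose result changes when group membership changes."""
    old, new = effective(matrix, before), effective(matrix, after)
    return {p: (old[p], new[p]) for p in matrix if old[p] != new[p]}

# Constructed sample: groups A..E and permission names are hypothetical.
MATRIX = {
    "post_thread":   {"use_int": False, "groups": {"A": "allow", "C": "deny"}},
    "view_attach":   {"use_int": False, "groups": {"B": "allow"}},
    "delete_own":    {"use_int": False, "groups": {}},
    "edit_time_min": {"use_int": True,  "groups": {"A": 10, "D": 60, "E": -1}},
}

if __name__ == "__main__":
    print(effective(MATRIX, {"A", "B", "C", "D"}))
    print(membership_impact(MATRIX, {"A", "B", "C", "D"}, {"A", "E"}))
```

In the sample, moving a user from A+B+C+D to A+E turns `post_thread` from "never" into "yes", because the only "never" lived in group C: removing someone from a group can widen their access, which is the kind of unintended consequence the thread wants to catch before a promotion or demotion.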
 