• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Cannot reproduce Usergroup Permission Quirk

Ghan_04

Active member
#1
This is something I have encountered twice now, and I'm not sure what the cause is. A user is a member of two groups, Registered and the Moderating group. This user is a super moderator and added as such in the admin panel.
The problem is that the user at some point was unable to even view the forums. He could not do anything whatsoever - it was as if only the permissions from the Moderating group were in effect (we have the basic permissions like View Node set to No (not never) for this group so that kind of thing can be inherited from Registered). I have no idea why the permissions do not resolve correctly. In playing around with it, it seems the problem was "fixed" by adding the View Node permission to the Moderating group and then removing it again.

So my only thought at this point is that it is something to do with permission caching. How exactly do permissions get cached? Could that be the cause? Is there a way to flush the permission cache safely? Is there anything more I can do to investigate this, given that I cannot reproduce it?

Thanks.
 

Mike

XenForo developer
Staff member
#2
Well, if flipping a permission fixes it, then that does sound like a permission cache thing. However, it's not something I've ever been seen. Unfortunately, I would have to be able to produce it ("at will") to be able to fix it. There's a lot going on.

If you can't reproduce it either, then there's not a lot we can do.
 

Mike

XenForo developer
Staff member
#4
Well I really need to be able to reproduce it actually happening - I suppose seeing some data in the DB would be helpful, but I won't really know why that happened.

So if it can't be reproduced consistently, the only thing you really could do is back up the xf_permission* tables and the xf_user table before you fix it. That might give me a bit of insight.
 

Ghan_04

Active member
#5
Right now I am having this issue:

Registered group has a permission set to Allow.
Parent node has same permission set to Revoke for Registered.
Child node has same permission set to Allow for a secondary group.

A user who belongs to Registered and the other secondary group is denied the permission in the child node. Unless I misunderstand something about how permissions work, this should not be the case. I cannot resolve this - I've tried changing stuff around and back to no avail.
 

Ghan_04

Active member
#7
The permission in question is "Can Edit Post by Self" - the user is able to view all the nodes.
This EXACT same permission scheme is working as I intend for the "Can Post New Threads" permission - I'm just having trouble with editing and deleting own posts.

EDIT:
Here's some more info. If, on the parent node, I return the "Revoke" permissions to "Inherit", everything unlocks and I can edit, etc.
If I then return only the "Post New Threads" to Revoke, that permissions works as expected.
However, if I set it so that "Edit Post by Self" is Inherit while "Delete Post by Self" is Revoke, then I still have the Edit and Delete buttons available on a given post.
It is only when I add the "Delete Post by Self" does everything seem to come crashing down on me.
 

Mike

XenForo developer
Staff member
#8
Well, if you can reproduce it consistently, submit a ticket with admin CP access details, FTP access details, and the name of a user I should be using "test permissions" with. I will hopefully be able to get to the bottom of it.
 

Mike

XenForo developer
Staff member
#9
For reference:

It looks like because you're revoking the editing permission, then it's wiping out the edit time permission (seeing it to 0, which is none) as it's a "dependent" permission, that's getting passed down to the child forum.

You can work around this simply by explicitly setting the edit time at the child level. This does appear to be a bug or at least a very unexpected behavior, so I plan to make changes for a future version.