1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.2 XenForo Permissions

Discussion in 'XenForo Questions and Support' started by Amaury, Jan 9, 2014.

  1. Amaury

    Amaury Well-Known Member

    We have an Adult Users node that, as the name implies, can only be seen by people of age 18 or older, except for administrators (all four of us administrators happen to be 18+, but yeah).

    Members that qualify are moved from the Registered Users user group to the Adult Users user group, while non-admin staff members that qualify have it added as an additional user group.

    My question is this: The Adult Users user group cannot do any moderating, such as delete threads, but how can staff members in the Super Moderators user group keep their powers in the Adult Users node?

    Adult Users Node Permissions:
    Permissions 1.png Permissions 2.png

    Super Moderators Node Permissions:
    Permissions 3.png Permissions 4.png
  2. Sheratan

    Sheratan Well-Known Member

    Do you give your super moderator global permission via usergroup? If "YES" that it's normal for super moderator to keep their powers in that node.

    There are 3 permission in xenforo:
    > Node based
    > Usergroup based
    > User based

    I suggest you to check super moderator node based permission via analyze permission (admin.php?permissions/analyze)

    1. If you wanted to give a moderator permission only in specific node, give them permission via node based
    2. If you wanted to give a moderator permission globally, give them permission via usergroup based.
    3. You can mix #1 and #2
    4. User based permission can grant global permission without any usergroup (you can call that "hidden staff" for example) but only for that user.
  3. Tracy Perry

    Tracy Perry Well-Known Member

    Any particular reason you are assigning them to a totally different primary group. That really goes contrary to the way permissions are designed for use in the software.
    Luke F and Steve F like this.
  4. Amaury

    Amaury Well-Known Member

    It's how we did it on vBulletin. For example, I've got Administrators as my primary user group.
  5. Tracy Perry

    Tracy Perry Well-Known Member

    You aren't running vBulletin anymore!
    Trying to shoehorn the vBulletin way into the permission schematics for XenForo will end up getting you confused.
    Add them to the Adult as a secondary group - give that node permissions for the secondary group, revoke it for all others except staff (this is NOT including moderators), make a special Adult Moderators group and give them moderator permissions for that area.
    wickedstangs likes this.
  6. Amaury

    Amaury Well-Known Member

    Now I'm just hopelessly confused. Permissions were honestly not this complicated on vBulletin. :(

    On vBulletin, you had someone's primary user group as Super Moderators with a secondary user group of Adult Users. Then you set the forum permissions of the Adult Users forum all to no for Super Moderators so they couldn't see it, but then when you made Adult Users a secondary user group of Super Moderators, super moderators could see and moderate normally in that forum.
    Last edited: Jan 9, 2014
  7. Liam W

    Liam W Well-Known Member

    It really is quite simple :p

    Start a conversation with me, I have an idea...
  8. Martok

    Martok Well-Known Member

    As Tracy Perry said, this isn't vBulletin. The reason you're finding XenForo permissions difficult is because you're doing it all wrong. It's like a PC user who moves to a Mac and insisting they'll only do things the way they did on a PC.

    Firstly you should not be moving anyone from one primary group to another. Everyone should have the Registered group as their primary group and this has the lowest permissions. You then assign secondary groups which have additional permissions to those who require them. Brogan's guide explains all of this


    You shouldn't be using the Never permission either. Never should only be used in exceptional circumstances as it can never be overriden. You should be using Not Set (No) for group/user permissions or Revoke for node permissions.

    I'd set up your permissions as follows:

    Group Permissions
    Registered users - set your base permissions that everyone gets
    Adult Users - set any additional permissions (if they don't have anything additional, leave everything as Not Set (No)
    Super Moderators - set additional permissions (I'm assuming that Super Moderators are moderating across all of your forums)

    Moderator Permissions
    Your Super Moderators should be assigned in ACP > Users > Moderators. Don't give them any individual permissions here (unless you need to for certain users), just make them a Super Moderator and tick the option to add them to the Super Moderators group (as a secondary group - note they will still have Registered as their primary group). Doing it this way makes it easy in the future to change permissions for Super Moderators as you will do it once for all of them in the Super Moderator group rather than individually here.

    Adult Users Node
    Adult Users node - make this a private node. Once you've done this, for the Adult Users group only, set the View Node permission to Allow. Don't do it for any other group. If there are any additional permissions required for Adult Users, set these, otherwise leave all node permissions set to Inherit.

    Doing this will mean that only the Adult Users group will be able to access the Adult Users node, no one else.

    Now assign the Adult Users group as a secondary group to everyone who needs access i.e.. Adult Users and Moderators who qualify.

    You're done.

    So now you'll have:

    Regular members - Registered (primary)
    Adult members - Registered (primary) + Adult (secondary)
    Super Moderators - Registered (primary) + Super Moderators (secondary, plus allocation to Moderators in the ACP)
    Super Moderators who are Adults - Registered (primary) + Adult (secondary) + Super Moderators (secondary, plus allocation to Moderators in the ACP)

    The beauty of permissions across multiple usergroups like this is that if you want to make a change, e.g. give some additional permissions to every member, you only have to do it once in the Registered group, or if you want to tweak the Adult members privileges it's done once in their group.
    Amaury and lazy llama like this.
  9. Liam W

    Liam W Well-Known Member

    Don't set it to private. Only people added as user permissions will be able to view it...
  10. Martok

    Martok Well-Known Member

    That's the whole point. All those who need to see it have Adult Users as a secondary usergroup (and the group has the View node permission set to Allow). Anyone who hasn't got Adult Users as a secondary usergroup won't see the node. This includes Super Moderators who don't qualify as adults, as I explained in my post. ;)
  11. Liam W

    Liam W Well-Known Member

    No, I mean it infores user groups and only looks at user permissions.

    At least thought it did...
  12. Martok

    Martok Well-Known Member

    I think you need to look read about permissions again...

    Groups with the View node permission set to Allow can see a private node. I know I am right about this as I am using this set-up on my forums. :)
  13. Amaury

    Amaury Well-Known Member

    Okay, so Registered Users is the only group whose permissions should be either allow or deny? Other user groups should be set to Not Set (e.g., Administrators)?
  14. James

    James Well-Known Member

    Not exactly. Registered Users should have the base permissions that every single user of your forum will have. Then, you add additional usergroups with additional functionality to build upon the base permission set of the Registered Users.

    Additional usergroups should have an allow permission if the permission isn't already set in your base permissions (registered users), otherwise you can leave it as Not Set.
    Amaury and Martok like this.
  15. Martok

    Martok Well-Known Member

    What James said.

    Take a look at Brogan's guide that I linked to. That, as well as the set-up I have suggested should make things clearer.

    Oh and this applies for you as an administrator too - you should have Registered as your primary group. You'll probably be in several groups:

    Registered + Adult Users + Super Moderators + Administrator (assuming you do moderation as well as administration). Your administration group will only have Allow permissions for anything that isn't set to Allow in the other usergroups, everything else should be set to Not Set (No).
    Amaury likes this.
  16. Amaury

    Amaury Well-Known Member

    Like being able to post in a discussion, for example?
  17. Brogan

    Brogan XenForo Moderator Staff Member

    Whichever the base permissions you want all users to have.
    Generally that will be view, post, and all the other standard perms most members would expect to have on a forum.
    Amaury likes this.
  18. Amaury

    Amaury Well-Known Member

    A VERY special thank you to @Liam W for helping me get everything properly set in user group and node permissions!
    Tracy Perry, SneakyDave and Liam W like this.
  19. Tracy Perry

    Tracy Perry Well-Known Member

    Not as hard as you thought was it? The more you play with it the more you will understand it and appreciate the power and flexibility of it. But for those very reasons it can seem complex to people at first.
    Amaury likes this.
  20. Amaury

    Amaury Well-Known Member

    @Liam W actually took care of it all, I just told him what was needed via Skype (e.g., the Administrators user group has access to everything, the Super Moderators user group is the same as the Administrators user group, except it can't permanently delete content, etc.).

    However, now I can use what he did as a guide for potential future user groups.

Share This Page