XF 1.2 XenForo Permissions

Amaury

Amaury

Well-known member
We have an Adult Users node that, as the name implies, can only be seen by people of age 18 or older, except for administrators (all four of us administrators happen to be 18+, but yeah).

Members that qualify are moved from the Registered Users user group to the Adult Users user group, while non-admin staff members that qualify have it added as an additional user group.

My question is this: The Adult Users user group cannot do any moderating, such as delete threads, but how can staff members in the Super Moderators user group keep their powers in the Adult Users node?

Adult Users Node Permissions:
Permissions 1.webp Permissions 2.webp

Super Moderators Node Permissions:
Permissions 3.webp Permissions 4.webp
 
Sort by date Sort by votes
Do you give your super moderator global permission via usergroup? If "YES" that it's normal for super moderator to keep their powers in that node.

There are 3 permission in xenforo:
> Node based
> Usergroup based
> User based

I suggest you to check super moderator node based permission via analyze permission (admin.php?permissions/analyze)

protip:
1. If you wanted to give a moderator permission only in specific node, give them permission via node based
2. If you wanted to give a moderator permission globally, give them permission via usergroup based.
3. You can mix #1 and #2
4. User based permission can grant global permission without any usergroup (you can call that "hidden staff" for example) but only for that user.
 
Upvote 0 Downvote
Amaury said:
Members that qualify are moved from the Registered Users user group to the Adult Users user group, while non-admin staff members that qualify have it added as an additional user group.
Click to expand...
Any particular reason you are assigning them to a totally different primary group. That really goes contrary to the way permissions are designed for use in the software.
 
Upvote 0 Downvote
Amaury said:
It's how we did it on vBulletin. For example, I've got Administrators as my primary user group.
Click to expand...
You aren't running vBulletin anymore!
Trying to shoehorn the vBulletin way into the permission schematics for XenForo will end up getting you confused.
Add them to the Adult as a secondary group - give that node permissions for the secondary group, revoke it for all others except staff (this is NOT including moderators), make a special Adult Moderators group and give them moderator permissions for that area.
 
Upvote 0 Downvote
Tracy Perry said:
You aren't running vBulletin anymore!
Trying to shoehorn the vBulletin way into the permission schematics for XenForo will end up getting you confused.
Add them to the Adult as a secondary group - give that node permissions for the secondary group, revoke it for all others except staff (this is NOT including moderators), make a special Adult Moderators group and give them moderator permissions for that area.
Click to expand...

Now I'm just hopelessly confused. Permissions were honestly not this complicated on vBulletin. :(

On vBulletin, you had someone's primary user group as Super Moderators with a secondary user group of Adult Users. Then you set the forum permissions of the Adult Users forum all to no for Super Moderators so they couldn't see it, but then when you made Adult Users a secondary user group of Super Moderators, super moderators could see and moderate normally in that forum.
 
Last edited:
Upvote 0 Downvote
As Tracy Perry said, this isn't vBulletin. The reason you're finding XenForo permissions difficult is because you're doing it all wrong. It's like a PC user who moves to a Mac and insisting they'll only do things the way they did on a PC.

Firstly you should not be moving anyone from one primary group to another. Everyone should have the Registered group as their primary group and this has the lowest permissions. You then assign secondary groups which have additional permissions to those who require them. Brogan's guide explains all of this

http://xenforo.com/community/resources/implementing-permissions-across-multiple-user-groups.358/

You shouldn't be using the Never permission either. Never should only be used in exceptional circumstances as it can never be overriden. You should be using Not Set (No) for group/user permissions or Revoke for node permissions.

I'd set up your permissions as follows:

Group Permissions
Registered users - set your base permissions that everyone gets
Adult Users - set any additional permissions (if they don't have anything additional, leave everything as Not Set (No)
Super Moderators - set additional permissions (I'm assuming that Super Moderators are moderating across all of your forums)

Moderator Permissions
Your Super Moderators should be assigned in ACP > Users > Moderators. Don't give them any individual permissions here (unless you need to for certain users), just make them a Super Moderator and tick the option to add them to the Super Moderators group (as a secondary group - note they will still have Registered as their primary group). Doing it this way makes it easy in the future to change permissions for Super Moderators as you will do it once for all of them in the Super Moderator group rather than individually here.

Adult Users Node
Adult Users node - make this a private node. Once you've done this, for the Adult Users group only, set the View Node permission to Allow. Don't do it for any other group. If there are any additional permissions required for Adult Users, set these, otherwise leave all node permissions set to Inherit.

Doing this will mean that only the Adult Users group will be able to access the Adult Users node, no one else.

Now assign the Adult Users group as a secondary group to everyone who needs access i.e.. Adult Users and Moderators who qualify.

You're done.

So now you'll have:

Regular members - Registered (primary)
Adult members - Registered (primary) + Adult (secondary)
Super Moderators - Registered (primary) + Super Moderators (secondary, plus allocation to Moderators in the ACP)
Super Moderators who are Adults - Registered (primary) + Adult (secondary) + Super Moderators (secondary, plus allocation to Moderators in the ACP)

The beauty of permissions across multiple usergroups like this is that if you want to make a change, e.g. give some additional permissions to every member, you only have to do it once in the Registered group, or if you want to tweak the Adult members privileges it's done once in their group.
 
Upvote 0 Downvote
Liam W said:
Don't set it to private. Only people added as user permissions will be able to view it...
Click to expand...
That's the whole point. All those who need to see it have Adult Users as a secondary usergroup (and the group has the View node permission set to Allow). Anyone who hasn't got Adult Users as a secondary usergroup won't see the node. This includes Super Moderators who don't qualify as adults, as I explained in my post. ;)
 
Upvote 0 Downvote
Martok said:
That's the whole point. All those who need to see it have Adult Users as a secondary usergroup (and they have View node set to Allow). Anyone who hasn't got Adult Users as a secondary usergroup won't see the node. This includes Super Moderators who don't qualify as adults, as I explained in my post. ;)
Click to expand...

No, I mean it infores user groups and only looks at user permissions.

At least thought it did...
 
Upvote 0 Downvote
Liam W said:
No, I mean it infores user groups and only looks at user permissions.

At least thought it did...
Click to expand...
I think you need to look read about permissions again...

Groups with the View node permission set to Allow can see a private node. I know I am right about this as I am using this set-up on my forums. :)
 
Upvote 0 Downvote
Martok said:
As Tracy Perry said, this isn't vBulletin. The reason you're finding XenForo permissions difficult is because you're doing it all wrong. It's like a PC user who moves to a Mac and insisting they'll only do things the way they did on a PC.

Firstly you should not be moving anyone from one primary group to another. Everyone should have the Registered group as their primary group and this has the lowest permissions. You then assign secondary groups which have additional permissions to those who require them. Brogan's guide explains all of this

http://xenforo.com/community/resources/implementing-permissions-across-multiple-user-groups.358/

You shouldn't be using the Never permission either. Never should only be used in exceptional circumstances as it can never be overriden. You should be using Not Set (No) for group/user permissions or Revoke for node permissions.

I'd set up your permissions as follows:

Group Permissions
Registered users - set your base permissions that everyone gets
Adult Users - set any additional permissions (if they don't have anything additional, leave everything as Not Set (No)
Super Moderators - set additional permissions (I'm assuming that Super Moderators are moderating across all of your forums)

Moderator Permissions
Your Super Moderators should be assigned in ACP > Users > Moderators. Don't give them any individual permissions here (unless you need to for certain users), just make them a Super Moderator and tick the option to add them to the Super Moderators group (as a secondary group - note they will still have Registered as their primary group). Doing it this way makes it easy in the future to change permissions for Super Moderators as you will do it once for all of them in the Super Moderator group rather than individually here.

Adult Users Node
Adult Users node - make this a private node. Once you've done this, for the Adult Users group only, set the View Node permission to Allow. Don't do it for any other group. If there are any additional permissions required for Adult Users, set these, otherwise leave all node permissions set to Inherit.

Doing this will mean that only the Adult Users group will be able to access the Adult Users node, no one else.

Now assign the Adult Users group as a secondary group to everyone who needs access i.e.. Adult Users and Moderators who qualify.

You're done.

So now you'll have:

Regular members - Registered (primary)
Adult members - Registered (primary) + Adult (secondary)
Super Moderators - Registered (primary) + Super Moderators (secondary, plus allocation to Moderators in the ACP)
Super Moderators who are Adults - Registered (primary) + Adult (secondary) + Super Moderators (secondary, plus allocation to Moderators in the ACP)

The beauty of permissions across multiple usergroups like this is that if you want to make a change, e.g. give some additional permissions to every member, you only have to do it once in the Registered group, or if you want to tweak the Adult members privileges it's done once in their group.
Click to expand...

Okay, so Registered Users is the only group whose permissions should be either allow or deny? Other user groups should be set to Not Set (e.g., Administrators)?
 
Upvote 0 Downvote
Amaury said:
Okay, so Registered Users is the only group whose permissions should be either allow or deny? Other user groups should be set to Not Set (e.g., Administrators)?
Click to expand...
Not exactly. Registered Users should have the base permissions that every single user of your forum will have. Then, you add additional usergroups with additional functionality to build upon the base permission set of the Registered Users.

Additional usergroups should have an allow permission if the permission isn't already set in your base permissions (registered users), otherwise you can leave it as Not Set.
 
Upvote 0 Downvote
What James said.

Take a look at Brogan's guide that I linked to. That, as well as the set-up I have suggested should make things clearer.

Oh and this applies for you as an administrator too - you should have Registered as your primary group. You'll probably be in several groups:

Registered + Adult Users + Super Moderators + Administrator (assuming you do moderation as well as administration). Your administration group will only have Allow permissions for anything that isn't set to Allow in the other usergroups, everything else should be set to Not Set (No).
 
Upvote 0 Downvote
Whichever the base permissions you want all users to have.
Generally that will be view, post, and all the other standard perms most members would expect to have on a forum.
 
Upvote 0 Downvote
Amaury said:
A VERY special thank you to @Liam W for helping me get everything properly set in user group and node permissions!
Click to expand...
Not as hard as you thought was it? The more you play with it the more you will understand it and appreciate the power and flexibility of it. But for those very reasons it can seem complex to people at first.
 
Upvote 0 Downvote
Tracy Perry said:
Not as hard as you thought was it? The more you play with it the more you will understand it and appreciate the power and flexibility of it. But for those very reasons it can seem complex to people at first.
Click to expand...

@Liam W actually took care of it all, I just told him what was needed via Skype (e.g., the Administrators user group has access to everything, the Super Moderators user group is the same as the Administrators user group, except it can't permanently delete content, etc.).

However, now I can use what he did as a guide for potential future user groups.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

pupu
  • Question Question
XF 2.2 Questions About XenForo Permissions and Security
Replies
0
Views
34
pupu
pupu
A
Change Moderator Permissions
Replies
5
Views
50
Alfuzzy
A
Stuart Wright
Unignorable User Permissions [Paid]
Replies
2
Views
47
Stuart Wright
Stuart Wright
FoP
  • Solved
XF 2.2 Mirrored media gallery and permissions
Replies
2
Views
31
FoP
FoP
Saarbruecken
Elasticsearch Role Permissions
Replies
0
Views
44
Saarbruecken
Saarbruecken
Back
Top Bottom