HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


[SOLVED] Frustrated with a Read-Only Forum

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#99247 (In Topic #19519)
Avatar

Well-settled

I have a "read-only" forum with subforums that people post on.  The main forum is just used to group the sub-forums together and give some instruction on what to do.

I have triple checked and that forum is read-only for every group, yet new members can still post.  It doesn't seem to be every one, but it happens.

The sub-forums all have post-templates and I link directory to "add topic".

Any ideas?


Last edit: by rteicheira

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#99257
Avatar

So you have "Read-only access" as the permissions preset on that forum for each usergroup?

One possibility did come to mind…
If this forum was originally added by ocPortal as a club forum, it would have hidden permissions attached to the club usergroup that came with it.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#99258
Avatar

To elaborate…

Clubs are usergroups with three main differences:
  1. When added, they automatically have a forum created. Permissions to that forum are automatically added.
  2. They are managed from the CMS zone, so you can choose to let your members create them.
  3. They are omitted from the permission interfaces to stop that getting bloated up (potentially you might have hundreds of these clubs).

So, permissions will exist, but hidden away. Let's imagine the forum ID is #123, you can delete all positive privileges with this SQL query (take a database backup first):

Code

DELETE FROM ocp_gsp WHERE module_the_name='forums' AND category_name='123' AND the_value=1;


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#99285
Avatar

Well-settled

I will have to check the database.  I know I had clubs enabled for awhile, but hadn't let people create any.

Just weird that it is hit or miss on people being able to do it.  Some can, some can't.  And I signup with a dummy account, I am unable to recreate it.  Very weird.

Will get back to you.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#99286
Avatar

In the next patch release I have made it so it will show a notice when editing a forum with hidden privileges applied to it.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#99288
Avatar

Well-settled

Oh, that is awesome!

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#99291
Avatar

Well-settled

Nope, that wasn't it.  The ID for the forum that I am having issues with is 88.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#99292
Avatar

Is that sorted by category_name? If not, there may be others out of order.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#99293
Avatar

One way to debug permissions is to create a writable data_custom/permissioncheckslog.php file, then go test using the SU feature. All the permission checks, and their results, will be written into this file.

Just don't leave the file there or it'll get very big, very fast.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#99297
Avatar

Well-settled

Yes, sorry about that.

Sorted by Category with a filter on Module = Forums.

I will try that and get back.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#99315
Avatar

Well-settled

Grrr.... getting an error when I have the permissioncheckslog turned on.  See attached.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#99316
Avatar

Well-settled

Here is some logs, and there are a few things that scare me, like assum_any_member.

Code

2013/08/08 12:08:50 -- http://vvarmachine.com/forum/index.php?page=forumview&id=recruitment_3 -- raz-test
has_specific_permission: see_php_errors ("See PHP errors"),forumview
has_zone_access: adminzone
has_specific_permission: jump_to_unvalidated ("See non-validated content, if directed to it"),forumview
has_specific_permission: see_unvalidated ("See links to non-validated content"),forumview
has_specific_permission: edit_midrange_content ("Edit other users' mid-impact (medium visibility) content"),topics,forums,88
has_specific_permission: submit_midrange_content ("Submit mid-impact (medium visibility) content"),topics,forums,88
has_specific_permission: open_virtual_roots ("Open up categories as virtual roots"),forumview
has_specific_permission: show_user_browsing ("See where users currently are on the website, and their choice of web browser"),forumview
has_specific_permission: banner_free ("Avoid banners"),forumview
has_specific_permission: edit_highrange_content ("Edit other users' high-impact (high visibility) content"),cms_comcode_pages
has_specific_permission: see_software_docs ("See vendor software documentation"),forumview
has_specific_permission: see_hidden_groups ("See hidden usergroups and their membership"),forumview
has_specific_permission: view_profiling_modes ("View software performance data"),forumview
has_specific_permission: sees_javascript_error_alerts ("Sees Javascript error alerts"),forumview
has_specific_permission: assume_any_member ("Assume the identity/access of any other member"),forumview

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#99317
Avatar

Community saint

rteicheira said

Here is some logs, and there are a few things that scare me, like assum_any_member.
If you have access to admin zone then you must be logged in as admin.

Admin, by default, has the ability to impersonate any user (SU feature) , so that should account for assume_any_member permission.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#99318
Avatar

Well-settled

I was logged in with a completely different account.  I wasn't masquerading.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#99319
Avatar

Community saint

If you weren't logged in as admin, and weren't masquerading, then you must have given the account you logged in with some admin related permissions given that that account has has_zone_access: adminzone permission.

That's the way I read the log anyway O_o .

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#99320
Avatar

Well-settled

The account is newly registered in the default group that has limited access. 

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Item has a rating of 5 (Liked by Chris Graham)  
Rating:
#99321
Avatar

Community saint

Looking up some old posts an it seems that the log only contains checks that have failed. So if its in the log then the user doesn't have that specific permission.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#99322
Avatar

rteicheira said

Grrr.... getting an error when I have the permissioncheckslog turned on.  See attached.


That's an odd one, I'm not sure about this. Probably clearing the language cache would have resolved though.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#99323
Avatar

Yeah sorry, I gave some incorrect information. It does only show failed access. You could therefore try with an account that works, and one that doesn't, and compare.

If you want to open a bug report support ticket about this, I'd take a look for you.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#99324
Avatar

I think some time back we changed it from showing everything, to just failures, because it was getting out of hand in size even quicker. If you did want to try it showing all, the code is still there.
sources/permissions2.php, you'd change:

Code

   if (($PERMISSION_CHECK_LOGGER!==false) && (!$result))
   {
      fwrite($PERMISSION_CHECK_LOGGER,"\t".$str);
      $username=$GLOBALS['FORUM_DRIVER']->get_username($member);
      if (is_null($username)) $username=do_lang('UNKNOWN');
      if ($member!=get_member()) fwrite($PERMISSION_CHECK_LOGGER,' -- '.$username);
   //   fwrite($PERMISSION_CHECK_LOGGER,' --> '.($result?do_lang('YES'):do_lang('NO')).chr(10));
      fwrite($PERMISSION_CHECK_LOGGER,chr(10));
      sync_file(get_custom_file_base().'/data_custom/permissioncheckslog.php');
   }
to:

Code

   if ($PERMISSION_CHECK_LOGGER!==false)
   {
      fwrite($PERMISSION_CHECK_LOGGER,"\t".$str);
      $username=$GLOBALS['FORUM_DRIVER']->get_username($member);
      if (is_null($username)) $username=do_lang('UNKNOWN');
      if ($member!=get_member()) fwrite($PERMISSION_CHECK_LOGGER,' -- '.$username);
      fwrite($PERMISSION_CHECK_LOGGER,' --> '.($result?do_lang('YES'):do_lang('NO')).chr(10));
      fwrite($PERMISSION_CHECK_LOGGER,chr(10));
      sync_file(get_custom_file_base().'/data_custom/permissioncheckslog.php');
   }


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Expand