HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Permissions descriptors

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#27126 (In Topic #6256)
Avatar

Community saint

In the individual Forums permisisons are descripted with (Yes) (No) under each "mouseover header". The mouseover generally describes the function the permission relates to.

There are two questions.

1 Why does the default permission in a forum have more permission than add/post/submit. I would have thought the default permission in a forum would be the lesser permission of all the permission groups or in other words the least permission possible which is READ only.

The difference between Default and the predefined add/post/submit preset is that the default permission has the ability to do all the things in add/post/submit PLUS edit own content. The default permission is a little bit more than READ only where vetted posts are allowed. My view would have been that if READ only is not the system default then the default permission should have N for edit own content and the add/post/submit preset permission should be add/post/submit/edit (Basically swap out the Y in edit own content in the default).  I will be interested in your comments on this.

2.Why does the forum permission chart (when editing a forum) have the descripter (Yes) (No) under each "mouseover header" BUT the Permissions tree editor under admin security (when you are drilled into the forum sections) just has the word default so you never know what permission it is unless you go to the forums permissions chart within each forum. Is there something I am missing?

The mouse over descriptors are definitely a key element in working out what permision is applied and are very good by the way but the description low range and medium range content throughout is harder to get to grips with. O_o



Back to the top
 
Posted
Rating:
#27131
Avatar

Community saint

 Hi,

I am also having problems with permissions. It seems that no matter what I do with permissions in the forum and gallery sections admin is the only one who can access.

What I would like to do is allow posting without validation for low level content in the gallery and low and mid range content in the forum.

I am running a free version of 3.0.16. If I can ever get this to work for me, I will be registering.

Thanks in advance for your assistance.
Back to the top
 
Posted
Rating:
#27135
Avatar

Community saint

psydoc said

It seems that no matter what I do with permissions in the forum and gallery sections admin is the only one who can access.

What I would like to do is allow posting without validation for low level content in the gallery and low and mid range content in the forum.

I have been also having the same sort of problems. For some reason ONLY admin accounts can see the validate button and the tick with cross on the forum thread which indicates it is unvalidated. A site user who is a member of a group that has full access control for Administrate / Moderate (which is a YES in every range within a forum) cannot see the attached buttons for some reason. Unless I wonder if a member is ALSO in group that has a lesser permission does the lesser permission apply even though in the particular forum that the user group has full rights granted. That will be an interesting test.  O_o

Attachment
» Download: Validate button in forum.bmp (111 Kb, 388 downloads so far)
[

Attachment
Validate post button in thread
» Download: Validate post button in forum.bmp (394 Kb, 398 downloads so far)


Back to the top
 
Posted
Rating:
#27147
Avatar

(Let's start with your first post OneRingRules, then I'll replying to the others subsequently)

Re 1)

It's a bit of a tricky situation as there are competing design concerns here.
  • On the one hand, we have global specific permission getting applied so long as the forum is set to 'Use defaults'. The design concern there is that global permissions should reflect the ideal system-wide state as much as possible.
  • On the other hand, we have some system-wide concepts of presets that try to abstract away the complexity into a set of idealised stages.
The notion of an 'idealised stage' is competing with the notion of an 'idealised default', and they don't join up on any one of those stages.

It's a bit of a shame they don't align, I agree – but I think personally I like that the user has the choice of using either of both ideals as a starting point, rather than a slightly muddy combination.

Re 2)

The Tree Editor system loads up a whole load of stuff in bulk and hence efficiencies are important due to the scale of it all. But now that you bring it up, I think we could actually solve this with some clever code.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#27150
Avatar

I am also having problems with permissions. It seems that no matter what I do with permissions in the forum and gallery sections admin is the only one who can access.

If they can't access at all, it suggests that there isn't zone access or there isn't page access, or both. By default there's page access to all pages. Can you access downloads, for example? If not, it's probably a zone access problem on your 'Forums' and 'Site' zones.

Unless I wonder if a member is ALSO in group that has a lesser permission does the lesser permission apply even though in the particular forum that the user group has full rights granted. That will be an interesting test.

A member always has "best of" permissions, so no :).
Unfortunately I can't reproduce this problem. I've tried a test user, in two groups, one of which was a normal group that had been upgraded to be 'Administer/Moderate' on the forum in question and one of which was nothing special. I got the button showing for an unvalidated post.
Please run a few checks just to make sure the user involved really is in the group that really is set to have "edit midrange content" overridden for the forum you really are looking in – if that's all correct, you have my assistance in further investigation.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#27153
Avatar

Community saint

I will do some additional testing to ensure we don't waste your extremly valuble time Chris and bite into any of that "Retirement" (at the beach) time.

Understood your site security concepts.  The "default" permissions could be easily altered globally to start with anyway to take out "edit own content" but its such a minimal security risk why bother.  :P
Back to the top
 
Posted
Rating:
#27154
Avatar

Community saint

Chris Graham said


Unless I wonder if a member is ALSO in group that has a lesser permission does the lesser permission apply even though in the particular forum that the user group has full rights granted. That will be an interesting test.

A member always has "best of" permissions, so no :).
Unfortunately I can't reproduce this problem. I've tried a test user, in two groups, one of which was a normal group that had been upgraded to be 'Administer/Moderate' on the forum in question and one of which was nothing special. I got the button showing for an unvalidated post.
Please run a few checks just to make sure the user involved really is in the group that really is set to have "edit midrange content" overridden for the forum you really are looking in – if that's all correct, you have my assistance in further investigation.

Chris did you have the member in the test group as a PRIMARY member or SECONDARY member. My members are all secondary members who appear to have this problem. I am going to test this with them in a primary group.

Back to the top
 
Posted
Rating:
#27155
Avatar

Community saint

OneRingRules said

Chris Graham said


Unless I wonder if a member is ALSO in group that has a lesser permission does the lesser permission apply even though in the particular forum that the user group has full rights granted. That will be an interesting test.

A member always has "best of" permissions, so no :).
Unfortunately I can't reproduce this problem. I've tried a test user, in two groups, one of which was a normal group that had been upgraded to be 'Administer/Moderate' on the forum in question and one of which was nothing special. I got the button showing for an unvalidated post.
Please run a few checks just to make sure the user involved really is in the group that really is set to have "edit midrange content" overridden for the forum you really are looking in – if that's all correct, you have my assistance in further investigation.

Chris did you have the member in the test group as a PRIMARY member or SECONDARY member. My members are all secondary members who appear to have this problem. I am going to test this with them in a primary group.



I fixed the problem  :thumbs:  The issue was not related to primary or secondary group membership or in the "Permissions Tree Editor" (under Admin security) OR the "Forum group permissions" BUT was in the settings for the "Global Specific Permissions" under Admin security. The permissions here allow for global permisions  See unvalidated content to be applied by group. Then the specific forum group permissions kick in. All I can say is the site security profiling is something to behold and is incredibly powerfull or incredibly complex if you want to take the other view… It would be good to see some mouse over help or more detailed help on the implications of turning on or off some of the fields. i.e May choose a custom title ( I wasn't sure where that applied in the forums).

Psydoc did you get your problems fixed as in the forums I would suggest you use the presets and you will need the preset Unvetted add / self edit for the level you need. We are not using the Gallery just yet (haven't got there yet!)

 :christmas:
Back to the top
 
Posted
Rating:
#27157
Avatar

Community saint

Hi Chris,

Members can again view the gallery, but can not upload any graphics or make comments that bypass validation. I have been experimenting with only one group (regular). I have set global permission to allow everything except delete submissions, and in the permission tree editor I want members to be able to add/post/submit and set the other values to yes, with the exception of  delete midrange visibility. Could you tell me how this is done? I am wasteing too much time getting this set-up.

Thanks,
Keith
 
Back to the top
 
Posted
Rating:
#27158
Avatar

Please attach screenshots of:
  • the global specific permissions screen when at the submission settings
  • the permission tree editor when at the galleries and cms_galleries modules
  • the error these users receive when they:
    • fail to 'upload graphics'
    • fail to 'make comments'.
This should provide enough information for us to see what's wrong.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#27191
Avatar

Community saint

Chris Graham said

Please attach screenshots of:
  • the global specific permissions screen when at the submission settings
  • the permission tree editor when at the galleries and cms_galleries modules
  • the error these users receive when they:
      &lt;li&gt;fail to 'upload graphics'<li>fail to 'make comments'.
    &lt;/li&gt;</li>[/*]
This should provide enough information for us to see what's wrong.


Hi Chris,

There are no error messages. I don't think I did  well explaining my problem. I believe that OCP is working correctly, just not the way I want. I don't want to have to validate all the uploads or comments. I don't seem to be able to get my head around just how the permission system of  OCP functions. For example, in the gallery module, I want people to be able to upload their graphics and make comments without admin/staff validation. When I set the permissions of a regular member to ADD/Post/Submit and select yes to everything except delete I would think that any regular member could upload, post, and edit without restriction, but that is not accomplished.

I have three screen shots that may help you determine the error of my ways.

Thanks for your help, Chris!



Attachment
Just before I click \Set\
» Download: access.bmp (277 Kb, 337 downloads so far)


Attachment
Lights on the gallery module
» Download: module galleries.bmp (71 Kb, 321 downloads so far)


Attachment
Settings when I return to see what the permissions are.
» Download: access2.bmp (251 Kb, 331 downloads so far)
Back to the top
 
Posted
Rating:
#27195
Avatar

Take a look at the "Bypass validator" permissions in the "Submission" section of Global-specific permissions.

Back to the top
 
Posted
Rating:
#27198
Avatar

Community saint

Hi Chris,

The "Bypass validator" permission was not ticked, but even after changing that users are still not able to upload images without validation.

BTW, I'm not sure if something is wrong with your forum, but when I tried to scroll down to make this post I received this message:

The website software has detected what may be a hacking attempt. Please do not be alarmed, and unless you are really trying to hack the website, nobody will question you. Please do not try this action again or you may be automatically banned. If you got here via a link, please inform the link maintainer of the problem.

FOLLOW-UP: I don't know how, but all of a sudden everything is working exactly as I want. I did a migration to a new server, and cleared the cache. Could that be the answer?



Thanks,

Keith



Last edit: by psydoc
Back to the top
 
Posted
Rating:
#27204
Avatar

I'm glad your problem's solved Keith. It does seem strange that that would solve the problem, but if it's fixed, it's fixed :).

The 'hack attack' message you received is very strange. It basically happened due to a bad URL being opened up, but I can't find anything that could have generated that URL. I'm thinking it may be a bug in your web browser (which is one of the less mainstream ones, so perhaps there's a quirk we haven't spotted before), but we'll watch the situation carefully. Thanks for mentioning it, but don't worry about it unless it happens again.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#27205
Avatar

Community saint

Hi Chris,

Thanks again for your help. I am going to poke around a little more and see if I can get the other features to work. I will be spending a lot of time in your docs and tutorials.

The hacker alert was reproduced on my site 6 times while trying to add news to the front page. When I switched to IE7, no more troubles so it would be a good bet that it was my browser. I like the nutscape browser because it is safer than IE…at least that's the word on the virtual street.

If it is ok with you I would like to send you a whisper.

Regards,
Keith
Back to the top
 
Posted
Rating:
#27209
Avatar

Sure :).


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: