MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > Permissions get "moved" with a thread!
Full Version: Permissions get "moved" with a thread!
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Galen

2006-10-09, 02:46 AM
One of my users posted a "how to make an H-Bomb" instructional post. I soft-deleted it to my Trash Can forum (not the plugin, just a setup using custom mod tools) while I went off to find out if posting such a thing is actually legal. I come back a little while later to find that the user had been able to click "view today's posts" and get to the post in the Trash Can. Not only that, but he was able to EDIT his post! The permissions for the Trash Can are that normal users cannot view, read, post, or edit anything in that forum! So, a few bugs.

1. "view today's posts" shouldn't be showing posts in a hidden forum. Apparently it does if the post was started in a public forum and then moved into a hidden forum.

2. When the user clicked the link to his post in the hidden forum, he should've gotten an "access denied" page, not the post!

3. When the user clicked "edit" he should've gotten an "access denied" page, not the edit form!

All this appears to be due to the fact that a posts permissions aren't changed when the post gets moved into a forum with different permissions. I'd say that's a pretty major flaw in the system.

Ryan Gordon

2006-10-09, 03:02 AM
Are you using 1.2.1? Does the user have secondary permissions? Is the user a 'normal' user?

I'm just dubious about this, because don't you think this 'major flaw' would have been noticed before?

Galen

2006-10-09, 03:13 AM
Using 1.2.1, the user has no secondary permissions, and the user is a "normal" user.

I've stopped it from happening now.  I re-copied the permissions from my admin forum and it appears to have worked this time.  The permissions were exactly the same anyway, but they apparently didn't take until I used the "copy permissions" function.

I'm assuming now that, due to the level of complexity in the permissions system, there must've been something I missed originally.  I suppose perhaps it wasn't a "bug" per se, but it's hard to tell for sure.  I originally used the simple permissions page when setting up the forum and I guess some setting in the more complex "usergroup forum permissions" page was overiding what I'd set. It's hard to tell with MyBB which permission will overule another.

We can call this "bogus" for now, I guess.  The forum is apparently working the way it was designed.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > Permissions get "moved" with a thread!