2016-12-28, 03:34 PM
If you create a user moderator on a category, and enable, say, open/close threads and stick/unstick threads, the user will have these powers in all forums inside the category. If you then add them as a moderator again to one of the forums inside this category, and only give them the ability to stick/unstick, then they lose the ability to open/close threads in this specific forum. This is correct.
However, the same does not apply to usergroup moderators. Using the same example as above, the moderators would still be able to open/close threads in the forum were specific moderator permissions were set, where they should only be granted stick/unstick permissions.
The issue is that in get_moderator_permissions, when setting permissions for users, it checks if the value is 0:
This will override the 1 set at category level with the 0 set at forum level, thus removing the ability to open/close threads (again, correct).
However, a few lines down when setting permissions for usergroups, it doesn't do this:
Simply using the same code for usergroups as we do for users fixes the issue.
Usually in MyBB, we say a yes overrides a no - i.e. you can be in 10 groups that disallow a permission, but 1 that allows it, so you will be allowed. However, I think moderator permissions are a bit different.
Personally I think usergroups should behave the same as users, as it is reasonable to want to override permissions for a specific forum, maybe 3 levels deep, while setting everything else on a category level. This already works for users, just not usergroups.
Ideally, these permissions wouldn't be set up with a simple yes/no, they really need an 'inherit' option. This way, when you edit the moderators on specific forums, you could choose whether to specifically restrict a permission, or keep it in line with the permissions set on the category. However, this is best suited for 2.0
However, the same does not apply to usergroup moderators. Using the same example as above, the moderators would still be able to open/close threads in the forum were specific moderator permissions were set, where they should only be granted stick/unstick permissions.
The issue is that in get_moderator_permissions, when setting permissions for users, it checks if the value is 0:
// Figure out the user permissions
if($value == 0)
{
// The user doesn't have permission to set this action
$perms[$action] = 0;
}
else
{
$perms[$action] = max($perm[$action], $perms[$action]);
}
This will override the 1 set at category level with the 0 set at forum level, thus removing the ability to open/close threads (again, correct).
However, a few lines down when setting permissions for usergroups, it doesn't do this:
$perms[$action] = max($perm[$action], $perms[$action]);
Simply using the same code for usergroups as we do for users fixes the issue.
Usually in MyBB, we say a yes overrides a no - i.e. you can be in 10 groups that disallow a permission, but 1 that allows it, so you will be allowed. However, I think moderator permissions are a bit different.
Personally I think usergroups should behave the same as users, as it is reasonable to want to override permissions for a specific forum, maybe 3 levels deep, while setting everything else on a category level. This already works for users, just not usergroups.
Ideally, these permissions wouldn't be set up with a simple yes/no, they really need an 'inherit' option. This way, when you edit the moderators on specific forums, you could choose whether to specifically restrict a permission, or keep it in line with the permissions set on the category. However, this is best suited for 2.0