MyBB Community Forums

G'day,

I have had a forum software running for a few years here:
https://forum.rcflyingclub.com/

Users have started reporting they can no longer see forum that they are group members of. I have reproduced the issue with a test user.

I have a General discussion forum accessible to all Registered Users.
I have a Club Members only forum that is visible only when Registered members get added to that Group and another Committee Members only forum that is only visible to members of that group. Previously I could just add the additional groups to a user and the permissions would inherit nicely. Now however, users cannot see any forums except the publically viewable forum or if I make their primary user group a non standard group. Is this intended behaviour?

I created a new test forum and test group. gave Test users access to the test forum but its not visible:
Test User:
testuser01
testtesttest

https://i.imgur.com/walHT0f.png
https://i.imgur.com/zfeCwh4.png
https://i.imgur.com/AJUhVTw.png

Going to the direct URL shows its a permissions error for the users. https://forum.rcflyingclub.com/forumdisplay.php?fid=8
https://i.imgur.com/fTinyRL.png

I have updated all plugins and themes, disabled all unnecessary plugins.
https://i.imgur.com/fTinyRL.png

The problem persists when the default Mybb theme is forced as well.

What can I do to fix this issue?

If your forum is in a category different from "Forums", is this category allowed to the group ?
I think that parents rights are not overrided by forum rights.

With your user (wich is registered) I can't see any other category than the public one.

Try Set Custom Permissions for the group (without necessarily changing anything).

The Test Group's permissions are shown as inherited from the parent forum while other groups are custom and overridden to deny access, and it looks like MyBB may have an issue with applying inherited permissions of Additional Groups.

G'day, Thankyou for the quick answers but no luck with setting custom permissions. All my forums are in a "Forum" Group which has all view permissions enabled.
https://i.imgur.com/xYwJ8US.png
https://i.imgur.com/B6Mp90B.png

Here is what the Test Forum looks like:
https://i.imgur.com/XbEgTZU.png
And when I set custom permissions
https://i.imgur.com/R4OXT5m.png

Looks like permissions are suddenly broken for my install, how would I go about fixing that?

https://i.imgur.com/YraurQJ.png
this one is not working for me, can you reupload?

Capture software kept bugging on the scrolled capture, refresh and see now 👍

can you please check "Forums" Category* (the one category name "Forums" which is parent you created) permission if the test group can see or not?

Here is the permission page for the Category
https://i.imgur.com/gytuq2I.png

--Edit--
Just to reiterate, this forum has been working since 2011 or thereabouts with this structure, this issue is a new one.

Hi kizza42,

As I mentioned in Discord (although you may not have seen it nor even be a member of the MyBB Discord server), I experienced something similar on upgrading a board to 1.8.27, but came up with a working fix and put the issue (potential bug) aside, not knowing how to diagnose it.

Today, given that you have also experienced the problem I experienced, I dug in deep, and have (eventually) come up with a diagnosis.

In short, this is a regression from PR #4095: namely, the change it makes to the fetch_forum_permissions() function in the inc/functions.php file, which is to remove the initialisation $level_permissions = $fpermcache[$fid][$gid]; on what was line 1474, replacing it with a later else block in the new lines 1486-1489.

This leaves $level_permissions uninitialised on each new iteration of the loop over $groups; $level_permissions instead retains the value it had at the end of the previous iteration. The above-mentioned change seems to assume that the else block will take care of initialising $level_permissions, but it is possible that the if conditional will instead be satisfied, and that $level_permissions will not be set within that if block. This will be the case when all of the forum's parent forums are set to "inherit" for the extra group, or when its list of parent forums is empty.

Drilling in deeper, the problem then is that before the change, the conditional under the comment // If we STILL don't have forum permissions we use the usergroup itself would test true, and the commented action would occur, with the default usergroup permissions being permissive, and allowing viewing. After the change, in contrast, given that there will in your (and my) scenario be at least one group prior to the extra group, $level_permissions will not be empty, and - because the prior group does not have permission to view the forum (only the extra group does) - the effective permissions returned will be such as to prohibit the group member from viewing the forum.

There seem to be two quick fixes for this issue:

1. (Avoiding changes to the code): Customise the permissions for each relevant forum for each relevant "extra" usergroup: move, in the web UI, each of the "View", "Post Threads", "Post Replies", and "Post Polls" permissions for the relevant usergroups from the "Overview: Allowed Actions" column to the "Overview: Disallowed Actions", save them, and then move them all back to the "Overview: Allowed Actions" column and save them. This will break the inheritance, the permission indicator beside the groups' names will change from "(inherited)" to "(custom)", and the permissions should then work as expected.
   
2. (Less work-intensive but requiring edits to core files): Insert at what is currently line 1697 of inc/functions.php the missing initialisation:
   

   			$level_permissions = $fpermcache[$fid][$gid];
   

I think, given this diagnosis, that this constitutes a bug and should be escalated to a GitHub issue, but whether the fix I've suggested is the one ultimately adopted is a matter for discussion. I find the MyBB permissions code to be quite confusing, and others more familiar with it might have better ideas.

Thankyou for the comprehensive look into this issue Laird, it's much appreciated 👍 I'm not in the Discord (I didn't know there was one but makes sense, there is a Discord for everything now!) Please post back if you post a bug on Github and I will add my experience to it.

I started with Option 2 but had a mini panic attack where the change seemed to expose the hidden forums to the wrong member groups so I quickly reverted. I then went with option 1 and that seems to have resolved the issue for now.

Big thankyou to everyone else who was looking at the issue as well. 👍