MyBB Community Forums

Full Version: [F] Users cannot view threads when permission "Can Post Threads?" is unchecked. [C-Chris]
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
I've double checked this and users on my board cannot read threads in select forums when the "Can Post Threads?" permission is unchecked even with the "Can View?" checked. I have verified this by rechecking the "Can Post Threads?" permission, saving it, and then viewing the thread with a test user from that group and with no permission denied message. I then uncheck it, save, and the permission denied message is back.

www.forarouse.com
Test user: removed.

Screenshot of permissions attached:
removed
If you click Edit Permissions/Set Permissions you'll see the permission to view threads becomes unticked. I think this is a known flaw, but ticking it in more advanced permissions and saving will sort it.
Thanks that worked. I did a search but turned up nothing. Sad
Yeah I noticed some buggy behavior from the main perm page and the advanced. I have to normally go back and forth and make dang sure the changes I want stick. So I notice some odd behavior but haven't looked deeper than that to fix it or to find the exact problem.
I noticed this too. However I tested it on another forum and it didn't happen, so I never reported it. :x
Yeah, I don't really like the permissions system right now. Some users got access to a forum they weren't supposed to. Confused
The Quick Permissions Editor was designed to be able to change common permissions quickly. From what I understand of the bug report checking or unchecking "Can Post Threads?" updates more then 1 permission. I think the general consensus is this functionality should be changed so that it only updates it's own permission.

Also, if anyone has any design suggestions for making accessing and changing all the permissions easier and simpler, then I'm open to those for consideration in a future version. Currently I think the forum permissions are a bit cumbersome/hidden away.
Okay, so I'm looking at the code and I don't see how this bug report is possible.



function save_quick_perms($fid)
{
	global $db, $inherit, $canview, $canpostthreads, $canpostreplies, $canpostpolls, $canpostattachments, $cache;

	$query = $db->simple_select("usergroups", "gid");
	while($usergroup = $db->fetch_array($query))
	{		
		$query2 = $db->simple_select("forumpermissions", "canviewthreads,candlattachments,canratethreads,caneditposts,candeleteposts,candeletethreads,caneditattachments,canvotepolls,cansearch", "fid='{$fid}' AND gid='{$usergroup['gid']}'", array('limit' => 1));
		$existing_permissions = $db->fetch_array($query2);
		
		// Delete existing permissions
		$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");

		// Only insert the new ones if we're using custom permissions
		if($inherit[$usergroup['gid']] != 1)
		{
			if($canview[$usergroup['gid']] == 1)
			{
				$pview = 1;
			}
			else
			{
				$pview = 0;
			}
			
			if($canpostthreads[$usergroup['gid']] == 1)
			{
				$pthreads = 1;
			}
			else
			{
				$pthreads = 0;
			}
			
			if($canpostreplies[$usergroup['gid']] == 1)
			{
				$preplies = 1;
			}
			else
			{
				$preplies = 0;
			}
			
			if($canpostpolls[$usergroup['gid']] == 1)
			{
				$ppolls = 1;
			}
			else
			{
				$ppolls = 0;
			}
			
			if($canpostattachments[$usergroup['gid']] == 1)
			{
				$pattachments = 1;
			}
			else
			{
				$pattachments = 0;
			}
			
			if(!$preplies && !$pthreads)
			{
				$ppost = 0;
			}
			else
			{
				$ppost = 1;
			}

			$insertquery = array(
				"fid" => intval($fid),
				"gid" => intval($usergroup['gid']),
				"canview" => intval($pview),
				"canviewthreads" => intval($existing_permissions['canviewthreads']),
				"candlattachments" => intval($existing_permissions['candlattachments']),
				"canpostthreads" => intval($pthreads),
				"canpostreplys" => intval($preplies),
				"canpostattachments" => intval($pattachments),
				"canratethreads" => intval($existing_permissions['canratethreads']),
				"caneditposts" => intval($existing_permissions['caneditposts']),
				"candeleteposts" => intval($existing_permissions['candeleteposts']),
				"candeletethreads" => intval($existing_permissions['candeletethreads']),
				"caneditattachments" => intval($existing_permissions['caneditattachments']),
				"canpostpolls" => intval($ppolls),
				"canvotepolls" => intval($existing_permissions['canvotepolls']),
				"cansearch" => intval($existing_permissions['cansearch'])
			);
			
			$db->insert_query("forumpermissions", $insertquery);
		}
	}
	$cache->update_forumpermissions();
}

More closely these lines:

$insertquery = array(
	"fid" => intval($fid),
	"gid" => intval($usergroup['gid']),
	"canview" => intval($pview),
	"canviewthreads" => intval($existing_permissions['canviewthreads']),
	"candlattachments" => intval($existing_permissions['candlattachments']),
	"canpostthreads" => intval($pthreads),
	"canpostreplys" => intval($preplies),
	"canpostattachments" => intval($pattachments),
	"canratethreads" => intval($existing_permissions['canratethreads']),
	"caneditposts" => intval($existing_permissions['caneditposts']),
	"candeleteposts" => intval($existing_permissions['candeleteposts']),
	"candeletethreads" => intval($existing_permissions['candeletethreads']),
	"caneditattachments" => intval($existing_permissions['caneditattachments']),
	"canpostpolls" => intval($ppolls),
	"canvotepolls" => intval($existing_permissions['canvotepolls']),
	"cansearch" => intval($existing_permissions['cansearch'])
);

The forum permission "Can View Threads?" is directly inherited from the parent. There is no correlation between "Can Post Threads?" or "Can View Threads?"

Seems like bogus to me.
I have seen this a lot, and a lot of other people have seen it too.

http://screencast.com/t/AiFP7XnoV3
(01-29-2009, 07:10 PM)MattR Wrote: [ -> ]I have seen this a lot, and a lot of other people have seen it too.

http://screencast.com/t/AiFP7XnoV3

Hmm.. It does that because there is no parent for that forum so it doesn't have anything to inherit from.

See this is why these bug reports are so hard to diagnose. Because not enough information is provided into them. I would have never noticed that the forum that was being modified was a forum with no parent. And no one mentioned that it wasn't just the "Can View Threads" permission that was being unchecked. It was a lot of others too. If someone had mentioned that then it would have been a lot easier to figure out the correlation.

So it looks like we need to fall back to the usergroup defaults if there is no forum parent available.
Pages: 1 2