Will I have issues setting up permissions like this?

Discussion in 'XenForo' started by Igneous, May 18, 2017.

  1. Igneous

    Igneous Participant

    58
    13
    +12
    Hello there,

    My plan for permissions is to have it setup like this:

    The CL and the number will appear next to the node name, they will only be able to see forums their clearance level matches (and all clearance levels beneath them, so 4 could see 3, 2, & 1)

    Additional Usergroups will work like this, say somebody wants to join the staff team for one of the games our community supports. They would be added to
    and would be able to see the private forum for staff/team leaders for that specific game.

    Is there any possible issues that could develop on XF for setting up permissions this way?

    Thanks.
     
  2. ManagerJosh

    ManagerJosh Adherent

    299
    75
    +111
    Definitely possible in XenForo as it stands right now. If one scopes the permission to what each group needs access to, simply expanding their rights would grant them additional permissions - effectively adding a new 'clearance level'
     
  3. Digital Doctor

    Digital Doctor Tazmanian

    4,844
    397
    +1,811
    In Xenforo, it's often best to have everyone's Primary group as Registered. The reasons escape me.
     
  4. Igneous

    Igneous Participant

    58
    13
    +12
    Thank you for your replies.

    Right now I'm setting it so that a node category I don't want to be public to private; setting view node access for specific usergroups and then on individual forums inside this category I'm revoking everything from the usergroups that shouldn't see that forum.

    Should I change how I'm doing this?
     
  5. Steve

    Steve Administrator

    3,191
    1,472
    +2,631
    One reason would be installing a new add-on that requires view permissions. Having users in different groups would require you to adjust the view permissions for the add-on in each of those groups. If you have everyone's primary group (Registered) the same then you only need to adjust it there and revoke it for any other secondary groups if need be.
     
  6. Steve

    Steve Administrator

    3,191
    1,472
    +2,631
    Seems correct, yes.
     
  7. sanction9

    sanction9 Participant

    53
    8
    +28
    Just be sure to do as Digital Doctor recommends and set everyone's primary group to Registered. It will save you trouble down the road - such as when you want to set a permission that allows everyone to use whatever feature and it's easier to be able to set it for one group rather than half a dozen+; or you want to tag everyone to get their attention and it's easier to tag one usergroup than several; etc.
     
  8. Jim McClain

    Jim McClain Senior Citizen

    1,870
    832
    +462
    In the 4 days my site has been converted from vB to XF, I have had one problem after another with permissions. I thought I had a handle on it, following the advice to make all members, including me, use the primary user group Registered. I have no idea how things could have gotten so screwed up. I am sure I have caused the mistakes and sheer frustration has probably led to even more.

    When I read thread after thread about problems other users have had, I just can't help but believe this system is not as easy for us as the developers thought it would be. Then I see them getting frustrated with us because we don't see what they do. I am to the point now where I am considering paying someone to come in and set all my permissions so I never have to worry about it again.

    Here's my hierarchy:
    • Banned Users - cain't do squat
    • Unregistered/Not Logged In - Can't post, can't use Search, can't view full-size attachments and can't view several forums
    • Registered Users - Lowest permissions level of active members, some forums are read only, some can't even be viewed
    • Charter Member - No different than Registered except they get a banner that says they're a Charter Member
    • Senior Member - No different than Registered except for the length of time as a member and the amount of their participation and a banner
    • Supporting Member - No different than Registered except they have donated various amounts of money, which gets them an ad-free experience and a banner
    • Contributor - Same privileges as Registered except the have written articles that are published on the WordPress portion of my site - oh, and a banner
    • Sponsor - Can view all forums and content that a Professional can, but can only post in those that a Registered member can and has a banner
    • Professional - Has access to all forums except staff forum, can post messages, have albums, gets more upload space, bypass floods and spam checks, but no banner
    • Moderation - Has minimal ability to moderate - can't delete or ban, but can move, edit and close and has a banner
    • Admin Assistant - He can do almost as much as I can but doesn't. He's the safeguard I have in case something happens to me, so he can find someone to take the helm
    • Administrator - that's me, full control - you would think that just being the Super Admin would give me any and all privileges, but that ain't the case from what I have experienced
     
  9. doubt

    doubt Tazmanian

    4,128
    452
    +1,648
    Should be able to soft delete instead of move.
    You don't agree with the deletion? One click and the post/thread viewable again instead of looking for the node to move it back.
     
  10. Jim McClain

    Jim McClain Senior Citizen

    1,870
    832
    +462
    I agree, but I don't remember vB 3.8 having that distinction. It was either had the power to delete or not, so I chose not. If it's possible in XF, I'd do it, but I am struggling with the permissions enough. It has wore me out. I need to ease the stress levels some for a few days before I have another heart attack.
     
  11. we_are_borg

    we_are_borg Moderator

    3,405
    707
    +1,228
    Do you stack the permissions you are in the registered group and as secondary administrators?
     
  12. Jim McClain

    Jim McClain Senior Citizen

    1,870
    832
    +462
    I hope you can rephrase that because I don't understand what you asked. If it helps, all members, including myself, are using Registered User as the primary user group. All other user groups are set as secondary. That is how most of the advice I have seen suggested it should be.

    But wait, my fear is that this will be just one more in a very long list of threads that has offered advice and suggestions on how to set permissions. I have followed some I thought were offered by experts, only to find that I didn't end up with permissions I should have and had members complaining every day that they don't have the permissions to do things they always could before. Unfortunately, me trying to fix these permissions has likely caused even more problems. I don't think I need advice or suggestions anymore. As I said before, I am to the point of being willing to pay someone to do it - and they have to guarantee it will be right for every user group.
     
  13. doubt

    doubt Tazmanian

    4,128
    452
    +1,648
    It's possible, that's the default.
    Do not give the permission to hard delete to anyone except yourself.
     
  14. we_are_borg

    we_are_borg Moderator

    3,405
    707
    +1,228
    That's correct setup if you dont do this you get in trouble later on. It can be done another way but this is the way XF wants it.

    I presume that you triple checked the permissions so that all groups have the permissions you want, remember a mistake is easily made.

    You need to remember the following if you set permissions to the node tree that permissions is obeyed by every user group including the administrator one. So if you set in the node tree that the user group administrators has no right to see the node then they cant there is not exception not even for administrator group. The best advice i can give you wait a few hours enjoy your self and then retry the longer you stare the less you see espeacily when debugging.
     
  15. Igneous

    Igneous Participant

    58
    13
    +12
    I don't suppose there's a way to eliminate how XenForo setups Admin/Mod?

    I'd like to give all permissions to my CL6 usergroup (admin cp access etc) without the need to type their name in and add them.


    As for Moderators, can I give global moderator permissions to [STAFF] - Community Moderator? I suppose I could rename the Moderating usergroup but hm. I saw the option to assign moderators by username but that seems clunky, I'd much prefer just giving someone [STAFF] - Community Moderator and that unlocks the global moderator permissions and the moderator forum for them.

    Nevermind, just giving them forum moderators permissions solved the above paragraph.

    Basically I'd like to switch it how to VB did it.
     
    Last edited: May 28, 2017
  16. we_are_borg

    we_are_borg Moderator

    3,405
    707
    +1,228
    Xenforo is not vBulletin.
     
  17. Igneous

    Igneous Participant

    58
    13
    +12
    I'm aware, just wanted to change how these little things work to match VB. Not really a fan of the whole add user to administrator.
     
  18. Joeychgo

    Joeychgo TAZ Administrator

    6,385
    1,532
    +3,052
    No, its not. But many people have complained about permissions (including me) -- Its disappointing to see XF doesn't seem to care.
     
  19. zappaDPJ

    zappaDPJ Administrator

    5,561
    1,212
    +3,974
    I'm not a fan of the way XenForo handles permissions but having migrated a large number of forums from vBulletin to XenForo I'd advise you not to take that approach. Even if it works for you in the short term, it will prove to be a mistake in the long term, especially if you start adding additional functionality from third parties.
     
  20. we_are_borg

    we_are_borg Moderator

    3,405
    707
    +1,228
    Its different thinking everyone is registered user and you stack additional permissions on top of the registered user group.
     
Verification:
Draft saved Draft deleted