Portal Module group permissions (bug?)
Posted: 4. January 2012 16:31
Hi,
First off, you got a very nice project running here. I was going for phpBB with Wordpress, but that kind of exploded due to the phpBB bridge for WP (security problems, in my personal experience). I think Portal suits the needs of our site better too.
Alright, back to the topic.
Something seems to be going 'weird' with group permissions for the portal modules. So far I tested it with 2 module types, but I'm guessing it will be the same for all the other modules. I tested the custom module block (own created one and the default "welcome message" one) and the clock module.
Software at the time of the test:
phpBB v 3.0.9.
Board 3 Portal v 2.0.0b1
For completeness' sake:
PHP v 5.3.8
MySQL v 5.5.19
My group memberships on phpBB are: "admins", "global moderators", "registered users" and "members"
The behaviour I expected from the modules would be that if I added 1 of these groups (no matter which one), it would be enough to let the module show up for me. The behaviour was not as I expected, so I did some testing.
Overview of my tests:
From what I can read from the tests I think I can safely conclude that the group permissions for module blocks only look at the default group for that member. Is this intentional design or possibly a bug?
//changing group permissions for module block
*added "members" group: block not visible
*added "admins" group: block not visible
*added "global moderators" group: block not visible
*added "registered users" group: block visible
*removed all groups
*added "registered users" : block visible
*removed "registered users" : block visible //no groups left, so access for all I'm guessing?
*added "members" group: block not visible
*removed all groups
*added "global moderators" group: block not visible
*removed all groups
*added "admins" group: block not visible
//changes in groupmemberships for my account
*removed myself from "registered users" group //which was default group for my account
*made "global moderators" my default group
//changing group permissions for module block
*removed all groups
*added "global moderators" group: block visible
*removed all groups
*added "admins" group: block not visible
According to what I read, the default group has no implications on permissions in phpBB.
In my opinion it is more logical not to take the default group into account in any way when determining whether a user has rights to view content. Or make a setting for turning this behaviour on/off.
Greetings,
SigiLee
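The two access rules in question, replayed against the test list above. This is an added example, not part of the original post and not Board3 Portal or phpBB code; the function names are made up for illustration, and it assumes that consecutive "added" steps accumulate until "removed all groups".

```python
# Added illustration, not Board3 Portal or phpBB code: two candidate rules for
# module visibility, replayed against the observations listed in the post.

def default_group_only(allowed, memberships, default):
    """Behaviour the tests point to: only the default group is compared."""
    # An empty list is treated as "visible to all" (the post's own guess).
    return not allowed or default in allowed

def any_membership(allowed, memberships, default):
    """Behaviour the poster expected: any one membership is enough."""
    return not allowed or bool(set(allowed) & set(memberships))

A, G, R, M = "admins", "global moderators", "registered users", "members"

BEFORE = ({A, G, R, M}, R)  # memberships and default group at the start
AFTER = ({A, G, M}, G)      # after leaving "registered users", new default

# (groups allowed on the block, memberships, default group, block was visible)
# Constructed from the test list in the post.
OBSERVATIONS = [
    ({M}, *BEFORE, False),
    ({M, A}, *BEFORE, False),
    ({M, A, G}, *BEFORE, False),
    ({M, A, G, R}, *BEFORE, True),
    ({R}, *BEFORE, True),
    (set(), *BEFORE, True),
    ({M}, *BEFORE, False),
    ({G}, *BEFORE, False),
    ({A}, *BEFORE, False),
    ({G}, *AFTER, True),
    ({A}, *AFTER, False),
]

def mismatches(rule):
    """Return the observations that the given rule fails to reproduce."""
    return [
        (sorted(allowed), default, seen)
        for allowed, groups, default, seen in OBSERVATIONS
        if rule(allowed, groups, default) != seen
    ]

if __name__ == "__main__":
    for rule in (default_group_only, any_membership):
        print(rule.__name__, "disagrees with", len(mismatches(rule)),
              "of", len(OBSERVATIONS), "observations")
```

Only the default-group rule reproduces every row, so under this model a block restricted to "admins" stays hidden from an admin whose default group is something else.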