ACP: Forum & Permission Management

  • In the past weeks I've talked a lot about front-end improvements and now it's time to take a closer look at what has changed in the ACP. We will deliver a bunch of new features related to the the work with forums and the permission system:


    Permission-Management for Forums



    We have added two new buttons to the user- and user group-list which offers you to configure forum permissions for them directly:



    When editing a group's permissions, you will be presented with an interface which is logically separated into two areas. The upper one allows you to select the target permissions you wish to edit, while the lower part shows the forum list with a status indicator and two checkboxes per row. The checkboxes simply allow you to explicitly grant or deny the selected permission for that forum.


    The status indicator shows either a green tick or a red prohibition sign, visualizing the effective permissions that are in effect. This is probably the most important part of the entire system as it visually helps you to understand the permission system:
    Permissions for a forum are always inherited by all sub-forums and allow you to quickly set up permissions by just adjusting the parent categories. In the screenshot above I have prohibited access for the "Everyone" user group to access the "Some Forum"-forum and as you can see it also disallows access for it's sub-forum. Now you might ask yourself why there are still checkboxes for the sub-forum available and the answer is simple: You can override the permissions for each forum, thus I can grant the permissions for that forum again even though it was implicitly denied due to inheritance.



    Editing a user is a bit more complex and I felt the need to include a notice on top which should remind you of how the system works. Every user is part of at least two user groups and since Burning Board does not have a "primary user group" thing, the system will simply take the permissions from all groups and calculates the effective permissions. As a result, a "better" value will always overrule a "lower" value, e.g. if "Everyone" can upload files up to 2 MB and "Registered Users" can upload up to 1 MB, then a registered user will be able to upload files up to 2 MB. This works the same for true / false values, you can deny access to a forum for user group A and at the same time you can explicitly grant access to that forum for user group B. If a user is now part of both groups, access will be granted because it is the "better" value.


    In some cases you want to block the majority from accessing a specific forum and only grant access to a small set of users. You could just add these peoples into an own group with the required permissions but eventually you will begin to throw yet another user group on top of the pile. The system won't mind, but you may lose track of what all these user groups are about. Given this, the system allows you to explicitly grant (or deny) permissions for a specific user, allowing you to grant access for a forum without the need of introducing yet another user group.


    We want to help you managing your permissions and as a result the system will visualize the effective permissions. Even though we have not set any permissions for the current user whatsoever, the access for both forums are indicated as blocked. At this point, granting the permissions for this user is everything you need and once you do it, the status indicators will update themselves.



    Copy Permissions


    Let's assume you have a rather complex set of permissions set for a specific forum, but you have to apply the same permissions for some other forums. Doing this all on your own will possibly take ages and we all make mistakes, especially during rather boring tasks. In order to help you out, we added the ability to copy permissions (and optionally moderators) from one source forum to another. It's a straightforward and simple feature, yet it should ease your life a lot.



    Copy Entire Forums



    Large forums tend to have many sections that are pretty similar in terms of forum structure and settings, for example if you have special sections dedicated to game X and game Y. We've added another tool which allows you to clone a forum with just a few mouse clicks, once it has been cloned you'll be redirected to the newly created forum and can make the proper adjustments. In addition there's a handy checkbox which will enable there recursive mode which will cause the system to clone the entire tree. This simply means that the source forum and its child forums will be copied at once.


  • Right now (WBB4.0) it is not possible with the default setting.
    Nevertheless there is a plugin by @Sonnenspeer who enables you to do so:


    Benutzergruppenrechte kopieren


    In WBB4.1 on the other hand it should be possible according to the developer @Matthias Schmidt


    Das ist bereits für WCF 2.1 umgesetzt. Wenn eine Gruppe kopiert wird, kann man auswählen, ob die Benutzer der ursprünglichen Gruppe auch Mitglied der neuen Gruppe sein sollen und ob die allgemeinen Rechte und die objekt-bezogenen Rechte ebenfalls kopiert werden sollen. "Objekt-bezogenen Rechte" meint in diesem Fall Rechte wie für einzelne Label-Gruppen oder spezifische Foren.


    its in german but I know you use google translator a lot ;)


  • I sure hope that is true. I know a few sites that have a lot of user groups they manage. If they can copy user group permissions to make new user groups, that would be very beneficial

  • I installed a fresh WCF 2.1 Version and made the screenshot :P


    BTW: No its not in WBB 4.0 its a WCF 2.1 feature which will be released when WBB 4.1 will be released

    I did not know you can install WCF 2.1 as a stand alone. I've learned something new today. lol


    (Now if only I could find the link to it. lol)

  • @Adam Howard The Setup consists of two different parts: The first part deploys the necessary files and creates the database structure. Once this is done, you'll be redirected to the ACP where all the packages themselves are being installed using WCF's package system. An interesting fact: WCF installs itself as the first package, even though most of its files have already been deployed at this time.


    Essentially, the files on GitHub have to be processed to build the initial setup, including the creation of the com.woltlab.wcf package. The jenkins link above automatically fetches changes and builds the entire setup, so you don't have to do it on your own. It is worth noting that even though the jenkins builds are trustworthy, they are being provided by a 3rd party.


  • Could you be so kind and explain how we install WCF 2.1 with WCFSetup.tar.gz
    I want to test it out


    Thanks

  • Download wcf.zip from that link, it contains both the needed install.php as well as the WCFSetup.tar.gz

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • Hi @Alexander Ebert,


    Currently there is an issue with someone being able to create new user groups and give admin permissions (can create a new usergroup with all permissions, enter into this group and steal the forum).


    Is this issue fixed in the next version?


    best regards :)

  • Currently there is an issue with someone being able to create new user groups and give admin permissions (can create a new usergroup with all permissions, enter into this group and steal the forum).


    We have added a comparison mechanic which should prevent a user from granting better permissions than they have themselves. This of course does not prevent them from creating user groups featuring their exact own permissions, but they should not be able to exceed it.


    Yet you should never allow other users the ability to add or edit user groups, even if we're preventing some escalations with Burning Board 4.1, users can still do bad things as explained above.