Notings of Attention™
Acmlmboard 2 Released
Github/GIT | @acmlmboard
Chatting Places
Discord

Affiliates
Super Mario Bros. X | Kuribo64
Views: 8,954,774
Main | FAQ | IRC chat | Memberlist | Active users | Latest posts | Stats | Ranks | Online users | Search
03-29-24 02:42 PM
Guest: Register | Login

0 users currently in AcmlmBoard Developer Zone | 1 bot

Main - AcmlmBoard Developer Zone - Something I noticed with the permissions system and edituser
Next newer thread | Next older thread


Arisotura
Posted on 06-08-12 03:03 PM, in Link | ID: 16634
Developer
pancakes
Level: 83


Posts: 228/1868
EXP: 5395973
Next: 36248

Since: 01-05-12
From: France

Last post: 655 days
Last view: 194 days
(well I'm referring to admin-mode editprofile as edituser)

Edituser has $blockroot, which basically checks if an user is root or not, and if they're not, prevents them from promoting someone to root.

One issue with this method is that it only works well with an Acmlmboard-powerlevel based groups scheme. Let's say you have groups organized differently. You have two groups, and both are able to use edituser. One is able to do certain things, and the other one is able to do other things, perhaps more powerful. A member of the first group could use edituser to move themselves to the other group.

That shouldn't happen. I thought of a few solutions against that:
* avoiding that kind of configurations (removing edituser rights from certain users/groups?)
* preventing edituser-enabled users from touching the group option unless they have the edit-groups permission (or some other permission?)
* detecting which groups are more powerful than the user's group (could not be right, groups may be different from other groups without being more or less powerful)
* restricting the group list to the user's current group and groups without edituser permissions

What do you guys think?

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Emuz
Posted on 06-08-12 05:12 PM, in Link | ID: 16635
Site Administrator

11 Hit Combo:
Mother's Rosario
Level: 108


Posts: 723/3392
EXP: 13212120
Next: 308379

Since: 12-30-11
From: Akron, Ohio; USA

Last post: 116 days
Last view: 1 day
Posted by Mega-Mario
(well I'm referring to admin-mode editprofile as edituser)

Edituser has $blockroot, which basically checks if an user is root or not, and if they're not, prevents them from promoting someone to root.

One issue with this method is that it only works well with an Acmlmboard-powerlevel based groups scheme. Let's say you have groups organized differently. You have two groups, and both are able to use edituser. One is able to do certain things, and the other one is able to do other things, perhaps more powerful. A member of the first group could use edituser to move themselves to the other group.



This is code from when Kawa introduced the first version of the 'Root Admin' powerlevel. It was built on the legacy power system. (IE: id 4 is root etc). You'll find a lot of code similar to this one that directly tests using the old system. If you see anything that refers to or uses the AB legacy (fixed power level) by number) please mark it for replacement. :)

Hmm.. Well the goal should keep in mind that our perm set may be nothing like the next guy's. I guess this is uncharted territory as we've not really explored the system in a non-hierarchical form.

#1 * - We can block it per user and group with revoke perms. This is currently limited to 'all or nothing' which could be changed.

#2 * - Possibly. it was just a root user situation we could build a super user mark (like default group, and etc) and build a perm for edit-superuser. However I don't see that being the best solution. (too inflexable)

#3 * - Correct. I agree. Some other board may have someone who they would like to only edit from "Normeys, Mods, but not "Happy Eilte" etc.

#4 * - You mean "default is if you can 'edituser' you will be able to set it to any group that doesn't explicitly have a define?" Well that would work if I read you correctly, but it wouldn't open up the ability to have more fine controls.

I would like to break down the admin functions to much finer perms if we can get the time to do so. I was thinking today where someone having a 'full mod with ban ability' would be useful in some context. They would only be able to set the person's group to 'ban' or 'normal'. (Well and other thing as you wish.. but it's immaterial.) I think that kinda is in line with this as well.

As long as the front end can easily handle it, we could control this in the admin/group editor. We can build it so it makes a perm for each one if so choose.

Thoughts? (sorry I was doing this at lunch so I may not be completely clear due to the rushing to finish it. Let me know if you need clarification)



The Dynamic Profile Administratorâ„¢


"Never Knows Best"
Note: if you can see this my layout broke. ALL THE CREDITS WILL BE REVEALED!!
'Victory Noriko' by @thatsheepagain.
'Chibi Dance Noriko' by @Haru__Kitsu.
'Deity's Night Out (Featuring Gabbie)'
by @thatsheepagain
Noriko Emotes by @Haru__Kitsu.
Side Bar Noriko by @thatsheepagain
'Noriko's Nature Walk' by @projectTiGER_
Emotive Noriko by @thatsheepagain.
"Space Candy Noriko" by BerryVerrine.
"Super Sharp Noriko" by Xionfes.
A gift illustration from the wonderful EverKinzPony!
"Magical Girl Noriko" by @cute_hospital!
"Patient Chibi Noriko" by @Ruii_ki!
'Dapper '60s Noriko' by @thatsheepagain.
'Shiny Chibi Noriko' by @inioli.
'Flower Veil Noriko' by @Sushiee_.
'Noriko in Realism' by @_Sarybuu.
'Noriko's Midnight Adventure' by @projectTiGER_
'Yukata Noriko' by @yunyunmaru_
'Birthday Wishes Noriko' by @thatsheepagain

Arisotura
Posted on 06-08-12 06:46 PM, in Link | ID: 16636
Developer
pancakes
Level: 83


Posts: 229/1868
EXP: 5395973
Next: 36248

Since: 01-05-12
From: France

Last post: 655 days
Last view: 194 days
I like your idea. That could be implemented with 'assign-user-to-group' permissions, whose bindvalues would be the group IDs.

I'd then make a separate interface for that in the permissions editor. If you give the user/group permission to use edituser, you get a second table, which would be 'which groups may this user set' or something in the like.

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Emuz
Posted on 06-08-12 07:01 PM, in Link | ID: 16637
Site Administrator

11 Hit Combo:
Mother's Rosario
Level: 108


Posts: 724/3392
EXP: 13212120
Next: 308379

Since: 12-30-11
From: Akron, Ohio; USA

Last post: 116 days
Last view: 1 day
Indeed. That would provide a very flexible interface, and it would be no more confusing db side than the rest of the perms. Hopefully no one will need to use direct sql to work with them when we are though, (save developers/coders of course)

Also if you haven't looked at it yet (I forgot to mention it) Bouche started to build some functions for permissions. it's in the file testbed.php public_html/

You might find it of some use, and if not it's worth a read


The Dynamic Profile Administratorâ„¢


"Never Knows Best"
Note: if you can see this my layout broke. ALL THE CREDITS WILL BE REVEALED!!
'Victory Noriko' by @thatsheepagain.
'Chibi Dance Noriko' by @Haru__Kitsu.
'Deity's Night Out (Featuring Gabbie)'
by @thatsheepagain
Noriko Emotes by @Haru__Kitsu.
Side Bar Noriko by @thatsheepagain
'Noriko's Nature Walk' by @projectTiGER_
Emotive Noriko by @thatsheepagain.
"Space Candy Noriko" by BerryVerrine.
"Super Sharp Noriko" by Xionfes.
A gift illustration from the wonderful EverKinzPony!
"Magical Girl Noriko" by @cute_hospital!
"Patient Chibi Noriko" by @Ruii_ki!
'Dapper '60s Noriko' by @thatsheepagain.
'Shiny Chibi Noriko' by @inioli.
'Flower Veil Noriko' by @Sushiee_.
'Noriko in Realism' by @_Sarybuu.
'Noriko's Midnight Adventure' by @projectTiGER_
'Yukata Noriko' by @yunyunmaru_
'Birthday Wishes Noriko' by @thatsheepagain

Arisotura
Posted on 06-08-12 07:52 PM, in Link | ID: 16639
Developer
pancakes
Level: 83


Posts: 230/1868
EXP: 5395973
Next: 36248

Since: 01-05-12
From: France

Last post: 655 days
Last view: 194 days
I'll look into Bouche's functions. But my coding nature wants to make code the most efficient possible, so I tend to directly use MySQL queries and such.

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Next newer thread | Next older thread
Main - AcmlmBoard Developer Zone - Something I noticed with the permissions system and edituser


Acmlmboard v2.5.5 (10/04/2020)
© 2005-2024 Acmlm, Emuz, et al.

Page rendered in 0.042 seconds. (795KB of memory used)
MySQL - queries: 87, rows: 512/545, time: 0.033 seconds.