Advertisement:

Author Topic: Local moderator  (Read 1232 times)

Offline HunterP

  • Sr. Member
  • ****
  • Posts: 976
  • Gender: Male
  • SMF 2.0.4
    • Hulpverleningsforum Nederland
Local moderator
« on: January 14, 2013, 01:01:23 PM »

Hi there,

I've just tried a different approach to give one of my members access to a 'private' board. His membergroup doesn't have access to this board, but I've added him as local moderator.

- He can access the board and topics when using a direct link
- He cannot see the board in the board-index and topics don't appear in the list of recent messages

I know that this is a weird solution, but the appearence is also weird. Is this a bug? You would expect something to work correctly or not to work at all. This seems to work partially, is that intended?

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,626
    • StoryBB/StoryBB on GitHub
Re: Local moderator
« Reply #1 on: January 14, 2013, 01:16:20 PM »
This is not weird at all, and is precisely how the system is designed.

He only gets any permission to touch the board when he is inside it. When he is not inside the board, he is not a moderator, and has no ability to see the board.

It cannot be changed without significant (and potentially expensive) extra work to load the permissions and extend {query_see_board}.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline HunterP

  • Sr. Member
  • ****
  • Posts: 976
  • Gender: Male
  • SMF 2.0.4
    • Hulpverleningsforum Nederland
Re: Local moderator
« Reply #2 on: January 14, 2013, 01:28:24 PM »
He only gets any permission to touch the board when he is inside it. When he is not inside the board, he is not a moderator, and has no ability to see the board.

Ok, just wondering... In the function getBoardIndex() I see a big query which contains :

Code: [Select]
LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_board = b.id_board)
LEFT JOIN {db_prefix}members AS mods_mem ON (mods_mem.id_member = mods.id_member)

What does this do, as you seem to say that the function "local moderator" doesn't give him permissions to see a board?

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,626
    • StoryBB/StoryBB on GitHub
Re: Local moderator
« Reply #3 on: January 14, 2013, 01:29:32 PM »
That fetches the local moderators for each board. It doesn't do anything for board access.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline HunterP

  • Sr. Member
  • ****
  • Posts: 976
  • Gender: Male
  • SMF 2.0.4
    • Hulpverleningsforum Nederland
Re: Local moderator
« Reply #4 on: January 14, 2013, 01:30:41 PM »
That fetches the local moderators for each board. It doesn't do anything for board access.

Ok, thanks!

Offline HunterP

  • Sr. Member
  • ****
  • Posts: 976
  • Gender: Male
  • SMF 2.0.4
    • Hulpverleningsforum Nederland
Re: Local moderator
« Reply #5 on: January 17, 2013, 02:31:40 PM »
It cannot be changed without significant (and potentially expensive) extra work to load the permissions and extend {query_see_board}.

I've been looking at

   $user_info['query_see_board'] = '(FIND_IN_SET(' . implode(', b.member_groups) != 0 OR FIND_IN_SET(', $user_info['groups']) . ', b.member_groups) != 0' . (isset($user_info['mod_cache']) ? ' OR ' . $user_info['mod_cache']['mq'] : '') . ')';

in Load.php, is that what you meant?

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,626
    • StoryBB/StoryBB on GitHub
Re: Local moderator
« Reply #6 on: January 17, 2013, 04:23:22 PM »
Yup. That value, $user_info['query_see_board'] becomes part of an SQL query, it later becomes {query_see_board} and forms part of a WHERE later on.

Let's say a user is in groups 2 and 10 (global moderator and a high post count group)

e.g. SELECT ... FROM ... WHERE {query_see_board} which becomes SELECT ... FROM ... WHERE (FIND_IN_SET(2, b.member_groups) != 0 OR FIND_IN_SET(10, b.member_groups))

Except that this occurs before group 3 is added to a user's account, and IIRC you can't actually set group 3 as being a group that can be part of b.member_groups.

There's just no good way to do it without refactoring the entirety of how board details are loaded along with permissions - and that's a monumental (as well as upgrade unfriendly) task.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.