News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Local moderator

Started by HunterP, January 14, 2013, 01:01:23 PM

Previous topic - Next topic

HunterP


Hi there,

I've just tried a different approach to give one of my members access to a 'private' board. His membergroup doesn't have access to this board, but I've added him as local moderator.

- He can access the board and topics when using a direct link
- He cannot see the board in the board-index and topics don't appear in the list of recent messages

I know that this is a weird solution, but the appearence is also weird. Is this a bug? You would expect something to work correctly or not to work at all. This seems to work partially, is that intended?

Arantor

This is not weird at all, and is precisely how the system is designed.

He only gets any permission to touch the board when he is inside it. When he is not inside the board, he is not a moderator, and has no ability to see the board.

It cannot be changed without significant (and potentially expensive) extra work to load the permissions and extend {query_see_board}.

HunterP

Quote from: Arantor on January 14, 2013, 01:16:20 PM
He only gets any permission to touch the board when he is inside it. When he is not inside the board, he is not a moderator, and has no ability to see the board.

Ok, just wondering... In the function getBoardIndex() I see a big query which contains :

LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_board = b.id_board)
LEFT JOIN {db_prefix}members AS mods_mem ON (mods_mem.id_member = mods.id_member)


What does this do, as you seem to say that the function "local moderator" doesn't give him permissions to see a board?

Arantor

That fetches the local moderators for each board. It doesn't do anything for board access.

HunterP

Quote from: Arantor on January 14, 2013, 01:29:32 PM
That fetches the local moderators for each board. It doesn't do anything for board access.

Ok, thanks!

HunterP

Quote from: Arantor on January 14, 2013, 01:16:20 PM
It cannot be changed without significant (and potentially expensive) extra work to load the permissions and extend {query_see_board}.

I've been looking at

   $user_info['query_see_board'] = '(FIND_IN_SET(' . implode(', b.member_groups) != 0 OR FIND_IN_SET(', $user_info['groups']) . ', b.member_groups) != 0' . (isset($user_info['mod_cache']) ? ' OR ' . $user_info['mod_cache']['mq'] : '') . ')';

in Load.php, is that what you meant?

Arantor

Yup. That value, $user_info['query_see_board'] becomes part of an SQL query, it later becomes {query_see_board} and forms part of a WHERE later on.

Let's say a user is in groups 2 and 10 (global moderator and a high post count group)

e.g. SELECT ... FROM ... WHERE {query_see_board} which becomes SELECT ... FROM ... WHERE (FIND_IN_SET(2, b.member_groups) != 0 OR FIND_IN_SET(10, b.member_groups))

Except that this occurs before group 3 is added to a user's account, and IIRC you can't actually set group 3 as being a group that can be part of b.member_groups.

There's just no good way to do it without refactoring the entirety of how board details are loaded along with permissions - and that's a monumental (as well as upgrade unfriendly) task.

Advertisement: