Advertisement:

Author Topic: Regular Members can delete their messages, even if disabled in permissions  (Read 836 times)

Offline Dwev

  • Jr. Member
  • **
  • Posts: 218
I recently noticed something strange: under the Permissions of the Regular Members the setting is Delete posts is off for both Own post and Any post.

But somehow Regular Members are stil able to delete their own posts, so against the settings in the Permissions.

Am I missing something, is there something that I don't understand, or what else is happening here?

For the rest everything is working as it should, and the forum is up-to-date (version 2.0.15).

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 50,098
have you enabled permissions for post count groups? if so check the permissions that are granted there.

Offline Dwev

  • Jr. Member
  • **
  • Posts: 218
No, there are no post count groups (as far as I know).

The existing groups are the standard ones: Guests, Regular Members, Administrator, Global Moderator and Moderator.

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 50,098
post count groups always exist, so please check for the permissions on them.

Offline a10

  • Charter Member
  • Sr. Member
  • *
  • Posts: 822
Take a look in Maintenance > Reports > Board Permissions
2.0.15, ssl, php 7.1.19, MySQL 10.1.30-MariaDB-1~xenial
Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown.

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 50,098
need to enable reports under core features first, dont forget to click the save button.

Online Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,581
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Just go to the user's profile, then navigate to Profile Info -> Show permissions.

You can see all the user's permissions and access there, on a more individual level than any of the built in reports provide.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline Dwev

  • Jr. Member
  • **
  • Posts: 218
I keep learning more every day about SMF.

Didn't realise that I had Post Count Groups on my forum, now I do (in Members > Membergroups > Edit Membergroups).

And yes, I can change the permissions to those of Regular Members, and the problem is solved.
And thanks Aleksi, that's indeed very handy to look up the Permissions.

One more question though, if I want to give some Post Count Group more Permissions somewhere in the future, where do I do that?

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 50,098
in the admin panel on the same page you set permissions for the non post count groups given you have enabled permissions for post count groups.

Offline Dwev

  • Jr. Member
  • **
  • Posts: 218
@ a10 and Illori: thanks, Board Permissions Reports are now active as well, very handy.

Strangely enough it now works on the desktop (so normal users can't delete their messages anymore), but on mobile it hasn't changed.

Guess it's in the cookie? Though logging out and in again didn't have any effect.
« Last Edit: March 11, 2018, 05:09:02 AM by Dwev »

Online Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,581
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Permissions should not be stored like that, but any changes to them should come in effect immediately.
You may try emptying the SMF file cache, but I'd be looking for other explanations myself too.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline Dwev

  • Jr. Member
  • **
  • Posts: 218
@ Aleksi: I think I found what was happening here: for testing I was going back yo older messages.

It looks like these were written with the older Permissions, so these can still be removed by Regular Members.

But new posts made by Regular Members can't be deleted by them, so all looks good.

Online Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,581
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Even that sounds odd but could prrhaps be explained by caching. In time those should then also respect the new permissions.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • SMF Hero
  • *
  • Posts: 1,484
  • Gender: Male
    • Macedonian electronics forum
Had a similar problem (some things applied retroactively, some things didn't), tried various combinations of settings, so I can't be absolutely sure which setting I tried triggered the right behavior (to apply some setting retroactively, currently and in the future, for future members and existing members), but I'm pretty sure this triggered the right behavior. Can't hurt to try ;).

Admin --> Configuration --> Themes and layout --> Member options

On your active theme, click on Change current options for all members using this theme, change some setting (change Don't change to Change and change it), click Save, afterwards, click on Configure guest and new user options for this theme, change the same setting you changed in Change current options for all members using this theme, click Save. Again, click on Change current options for all members using this theme and undo the changes you made before, do the same in Configure guest and new user options for this theme and for the last time, click on Change current options for all members using this theme, change something, click Save, change it back, click Save again.

I think this was what triggered the right behavior for current and future users, as well as current users being able to do something with their previously posted posts that I prohibited from doing.

Try it ;).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Offline Sh@mbles

  • SMF Hero
  • ******
  • Posts: 4,968
  • Gender: Male
    • i30 Owners Club
Had a similar problem ...

I don't think your 'similar problem' would have been permissions-related.

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • SMF Hero
  • *
  • Posts: 1,484
  • Gender: Male
    • Macedonian electronics forum
Yeah it was. I was trying to add new permissions to moderators for certain boards and the funny thing was that it applied on the default (Curve) theme, but not on the one I was using (I'm using a single theme, members can't choose themes). I think the step I described above, fixed it. As I stated previously, I have no idea which of the bunch of different settings I tried did the trick... I just thought it was this one.

It was kind of weird that the settings applied as expected on Curve but not on my current theme, and I also thought "there is no way this is going to work... but hey, let's dig around and see if something changes this behavior", so I started digging around in the theme settings, changed some things (member settings mostly) and... something just fixed it. Then just changed the settings back to what they were, everything was fine, the moderators had the permissions I assigned them, so I just thought "maybe a some misconfigured setting in the database during the conversion process ???... or some weird theme setting ???"... I just dropped it, had other things to fix.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 50,098
your issue was lack of the checkboxes or quick moderation options, this has nothing to do with permissions.

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • SMF Hero
  • *
  • Posts: 1,484
  • Gender: Male
    • Macedonian electronics forum
The quick moderation options were there, the problem was that I assigned new boards to the existing moderators and the changes (the new boards they could moderate) reflected only on Curve, not on my current theme (CleanTek)... even if opened an existing topic in the boards I assigned them, the moderation options weren't present (I'm not talking about the quick moderation buttons) in CleanTek, but were in Curve.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Offline Dwev

  • Jr. Member
  • **
  • Posts: 218
@ GigaWatt: I'm using a custom theme, so I will definitely try what you've suggested (no time right now) and once done I'll let you know if it took care of the last quirks.

Online Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,581
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Do let us know if you find out anything new, or if the issue clears on it's own.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas