Editing posts and permissions question

Started by SulevFan, May 10, 2022, 10:51:24 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

SulevFan

May 10, 2022, 10:51:24 AM
Big oof! I posted this in the SMF 1.1.z board, when I have SMF 2.0.18.  Can a mod please move this?

We have a spammer problem (who hasn't>)

While we successfully fend off the majority of them, a few slip through. Some of these make innocuous posts. Then, some time later, they return, modify the post with links. Either malicious links or perhaps just to get crawled and boost search engine ranking.

My first plan of defense was to disallow Via Post settings for posts to be edited after 30 minutes have elapsed.

Unfortunately a few members are inconvenienced by this feature.

So then I decided to make it so that post-based member groups can have the relevant permission to modify their posts after they have achieved 25 posts. (Full Member).

I found that I had to modify all the post-based groups after Full Member - it does not seem as if the permission carries forward. Is this correct or am I just not understanding permissions?

Secondly, and more importantly, can I now safely remove the Post setting of 30 minutes? Before we had that, and with no permissions set, any member could edit their posts for an indefinite period of time.


Thanks.

Arantor

#1
May 10, 2022, 11:07:11 AM
Post groups are not auto-stacking, so let's say you have the following groups:

0+ - Member
10+ - Regular
25+ - Full Member

Someone with 1 post is a Member, someone with 10 posts is a Regular but they're not *also* a Member. When you move up a group you don't have the things in the previous group.

Similarly, someone with 30 posts is a Full Member but *not* either Regular or Member.

Illori

#2
May 10, 2022, 11:12:54 AM
The time limit to edit posts is a global setting so it applies to everyone but administrators and moderators.

SulevFan

#3
May 10, 2022, 11:28:22 AM
Right, so I get this. I gave all member groups with more post than minimum for Full Member permission to update posts. So that's Full Member, Senior Member and Hero member.

That part is OK.

What I'm now trying to figure out is how to NOT give Junior members (with fewer than 25 posts) that permission when I remove the Global setting.


PS. And thanks for moving my post.

Arantor

#4
May 10, 2022, 11:32:11 AM
So remember that every user is in at least 2 groups - their post count group and their primary group (which defaults to the base Registered Member 'group' if no explicit primary group is set)

You have two choices - you can either a) make sure no group has the edit power except for the 25+ post count groups, plus moderators, or b) make sure to enable deny permissions and deny it to the less-than-25 post count groups since deny overrides allow.

SulevFan

#5
May 10, 2022, 12:06:38 PM
Quote from: Arantor on May 10, 2022, 11:32:11 AMYou have two choices - you can either a) make sure no group has the edit power except for the 25+ post count groups, plus moderators, or b) make sure to enable deny permissions and deny it to the less-than-25 post count groups since deny overrides allow.

So it seems to me those two options are the same? Excuse me if I'm obtuse.

But I checked a new member that had never posted and yes, they are in "Regular Members" group. And they have permission to modify Own post - given by Regular Members. So I'd have to modify Regular members to remove the aforementioned permission?

And then if I restore it to Full Members and above, things will work as I wish?

That doesn't seem any different to me than the option b) mentioned?

Arantor

#6
May 10, 2022, 12:20:24 PM
No, they're not. Option a) is about not adding permissions, option b) is an explicit removal.

If you remove the permission from Regular Members, you are simply ensuring no combination of groups grants the permission (option a). Option b is about adding a restriction onto the bottom most post count groups so that *in spite of Regular Members having it* it would be denied. That's the difference - option a works by not adding the permission, option b works by explicitly deleting the permission.

Same net result, different routes.

SulevFan

#7
May 10, 2022, 12:30:20 PM
Arantor, Thanks, I think I got it. And hopefully it's all fixed. (Me, waiting for someone to report an issue again). :)

Steve

#8
May 11, 2022, 08:02:10 AM
Then I'm marking this solved for now. If the issue comes up again, mark it unsolved and continue with what happened.
DO NOT pm me for support!
Print
Go Up Pages1
User actions
Advertisement: