Permission post-based <-> non post-based

[[Unknown]]

Maybe you don't understand.  There are no deny checkboxes.  I don't see them, and if you do you're seeing things that aren't there.

You can allow a group to view a board.  If you allow that group to view a board, members of that group can view it.

If I am in 50 groups or 2 groups... it doesn't matter.  If I have one allow and zero denies (since there can be NO denies!) then I get in.

Post groups are for everyone.  If you don't want EVERYONE to get in, don't allow the post groups.

-[Unknown]

[David]

And as we are trying to say, that is not how we believe it should work.  A post group is something that everyone is in and is generic, specific primary and secondary groups should overrule any post group permissions.

[[Unknown]]

So don't use post groups for permissions..... just never check them....

-[Unknown]

[David]

So I was thinking about this as I was going to sleep.  Here is what I think the problem is.

Currently you can either:
Deny a Permission (Denied from the member even if allowed in another group they belong)
Allow a Permission (Given to the member even if denied in another group they belong)
(Blank) a Permission (Denied from the member unless allowed in another group they belong)

It seems like we are missing
(Blank) a Permission (Given to the member unless denied in another group they belong)

[[Unknown]]

I am going to capitalize to phrases you are mixing improperly.  These two phrases are PERMISSION and BOARD VIEW ACCESS OPTIONS.  Because it's really annoying me that you are intermixing them, at least as much as my captializing them will probably annoy you.

Currently you can...
Allow a Permission (Given to the member even if denied in another group they belong)

Wrong.  Deny is deny is deny is deny.  Deny means NO.  "Just say no!"

Allow a PERMISSION: allow unless denied otherwise by any group.

Now, let me clarify.  In the permissions interface, there are allow/blank/deny.  These work as you understand except that deny means NO.

In the boards interface, there are no permissions - but there are access options.  You may WHITELIST groups to be able to see the board.  There is, right now, NO BLACKLISTING AVAILABLE for BOARD VIEW ACCESS OPTIONS.  In other words there is no deny for boards.

Adding a deny for boards would either complicate queries so much that they would all be a lot slower, or add so many clauses that proper indexing would not be quite possible.  To me, this is a VERY VERY VERY UNDESIRABLE THING TO DO.  I am not AT ALL interested in adding DENY to the BOARD VIEW ACCESS OPTIONS.

PERMISSIONS are handled very differently, and having deny there hardly complicates things at all.  BOARD VIEW ACCESS OPTIONS are not handled through permissions, however, and would be slower if they were - which is why BOARD VIEW ACCESS OPTIONS are used in the first place.

The solution to this problem is, however, not possible right now because of changes Compuart made.  Before, the "All Members" BOARD VIEW ACCESS OPTION was named "Ungrouped Members" and applied to members with no primary group.  Because of this, post group BOARD VIEW ACCESS OPTIONS are the only way to allow all members, and imho this is very very bad.

Ungrouped Members being separate would mean that you could check that and still have other members who could not access the board.  This is desirable functionality for "jailing" members.

But again, I am not at all or in any way interested in either mixing PERMISSIONS and BOARD VIEW ACCESS OPTIONS, or making a blacklist or deny setup for BOARD VIEW ACCESS OPTIONS.

-[Unknown]

[Daniel D.]

This may sound wired, but the "blank" in the permission system doesn't fit in my eyes. You can allow or deny a permission, nothing more. Why not making allow/deny for permissions and unchecking a group in the board access options, the specified members can't view it ? It's more logical to me than the current ones.

But what does it help to write all this ? Nothing ... annoying ...

[Acf]

http://www.simplemachines.org/community/index.php?topic=8126.0
Still i would like to see a more advanced permissions system.

[Daniel D.]

We should only change the existing options, any other "advantage" should be done later.

[[Unknown]]

You can allow or deny a permission, nothing more. Why not making allow/deny for permissions and unchecking a group in the board access options, the specified members can't view it ? It's more logical to me than the current ones.

But again, I am not at all or in any way interested in either mixing PERMISSIONS and BOARD VIEW ACCESS OPTIONS, or making a blacklist or deny setup for BOARD VIEW ACCESS OPTIONS.

-[Unknown]

[Daniel D.]

You don't mix something after changing it to deny/allow, you only correct things. Or do you know a "blank" permission ? Deny/allow, that's all. The other thing is nothing more than correct the access to the boards. If I don't want a membergroup to see this board the users shouldn't be able to see it. But YOU don't want it so it would not happen. It's OK.

[David]

Ok, so if DENY DENIES no matter what, why can't there also be an ALLOW which ALLOWS no matter what?  If we're talking about flexability, there need to be equal choices on both sides of the spectrum.

[Daniel D.]

Any news on that ?

[Daniel D.]

Many german users don't like the way the system works now. They want to exclude members from the boards, but they can't due to the problem with the post-based.

[[Unknown]]

It has been fixed in RC1 and I believe Beta 6 to work the way I described. (All Members -> Ungrouped Members.)

-[Unknown]