How role permissions are verified for a category with custom permissions?
Hi all, I'm new with Vanilla. I'm evaluating PHP Forums to create my company's forum.
What I need is to have different categories for different clients and one client should not see another client's categories/messages/etc.
I setup a couple of users, and assigned them new roles (client1, client2), then create a couple of categories with custom permissions, and enabled add/view permissions for the correspondent clientX role and disabled all permissions for other roles.
Here comes my question!
At the category custom permissions setup, I can see default roles like "applicant" or "guest". What I need to know is how permissions are verified, e.g. If I assign roles "client1" and "applicant", both with "add" permission, to the category "client1", does Vanilla check if the user is an "applicant" OR "client1", or an "applicant" AND "client1". (I don't want applicants to see "client1" category).
Thanks a lot!
Pablo.
www.cabolabs.com
BTW: the install process is great, and the config is very intuitive with good references to the documentation.
Answers
Anybody knows what's the criteria when checking role authorization (r1 and r2 vs. r1 or r2)? or at least, where can I find the code where this is done? thanks.
its or.
and this is really easy to test if have a forum instance running...
Vanilla Wiki, Tastes Great! 31,000 viewers can't be wrong. || Plugin Development Explained
to save confusion lets call your category
catogory1
.the rules are additive.
so, if someone has the permission
applicant
and you clear the view permission forcategory1
it will not be able to see it. However if they have bothapplicant
andclient1
they will be able to see it. This is a clearly a 0+1 scenario. Applicants will not be able to seecategory1
so long as they are just applicants.if you want a role that only does one thing, clear all permissions except that one thing. That is a good way of preventing mishaps.
Not sure I understand, but you want applicants to be able to post with
add
permission, but not see the category? but the discussion controller will check when that user has a permission toview
discussions in that category, which is usually where they are directed next.If you want an ability for user to post discussions that they can't see, this would have to be done with a plugin.
I'm not sure how
client2
fits in.If you are running consultancy I'm guessing you are wanting
client1
andclient2
to be mutually exclusive unless there are collaborating. it could be a bit tedious to assign users, categories and permissions in each case unless it automated. Besides there is some cross over with the conversations (PM) app, in which you specify the recipients, in the conversation.grep is your friend.
@x00 thanks for your elaborated answer. The comment about the add permission on Applicant was because that role has add permission by default, but as you said: I have to remove that and the view permission too. I don't see the point of posting messages to something a user can't see
Thanks again!