Jump to content

Feature reguest: request Group Membership

Owdy

By Owdy
in Feedback

Recommended Posts

Wolfie Grand Master

Wolfie

Posted
Posted

Show me the mod where a user can request to join a secondary group. At the end of the day that's what it's all about. The ability for a user to request to join a secondary group, or simply join a secondary group of his choosing.

You're trying to split hairs while ignoring the obvious. No matter how you do it, the requesting to be given access to a certain group is still the same because, well, it's requesting to be given access to a certain group. All you're doing is showing that you're unwilling to admit that detail. You also missed the part where I mentioned that I'd like for it to be a built in function but let's be real for a moment. Is there really a business benefit for it? If it can be demonstrated how it would be a big benefit to businesses or to communities with a large member base, then you might make some progress in convincing the IPS developers to include it as part of the core product. As for me, yeah I'd like it to be included, but at the same time, I know that it's a 'want' and not a necessity. Find a way to prove that it's a necessity, not for you and a few others, but for a large number of fellow clients, and you'll improve the chances of it being added as a built in feature.
Link to comment
Share on other sites
Reality Extractor Newbie

Reality Extractor

Posted
Posted

You're trying to split hairs while ignoring the obvious. No matter how you do it, the requesting to be given access to a certain group is still the same because, well, it's requesting to be given access to a certain group. All you're doing is showing that you're unwilling to admit that detail.


So, which mod allows my users to request access to join a group?
Link to comment
Share on other sites
bfarber Grand Master

bfarber

Posted
Posted

Guys - if this topic keeps spiraling, I'm going to lock it eventually, and I'd rather not. The request has been made and points have been made as to why some would like it and some don't feel it's necessary. Let's everyone agree to disagree about whether it's needed or not.

For our part, we've heard the suggestion. I can't promise one way or the other if we will build this functionality in the future at this time.

Link to comment
Share on other sites
  • 2 months later...
Reality Extractor Newbie

Reality Extractor

Posted
Posted

Now that I have had some time to have my users evaluate the currently available option to add users to a secondary group I would like to share what we have found;

Currently the only way to allow someone to add/remove a user to/from a secondary group is to allow admin cp access. The admin cp access can be limited to Manage Admin Restrictions -> Admin Restrictions -> Set Restrictions -> Members -> Grant Access to Member Application (checked) -> Grant Access to Member Module (checked).

Now, intuitively the next option would be to check Can move members to other groups? - however, that option does not work unless Can edit members? is also checked.

If Can edit Members? is checked, then the person who's only function was supposed to be to add/remove a user to/from a secondary group is now allowed to change their display name, login name, password, email address, primary group, user title, and so on.

This is solution isn't a workaround as it is completely unacceptable that one person who isn't affiliated with the forum in any way other than (s)he just happens to be the leader of a user group that decided to use the forum is now all of a sudden able to view the email addresses of all members, and edit the settings of all members.

But wait, there is more!

Because that user is now a member of the Admin group, (s)he has read access to all private subforums present on the forum whether (s)he is a privileged member of the group that those private forum sections were created for or not.

I cannot recommend to anyone that they go this route because even with admin restrictions in place your users are now all exposed to the person that you only want to be able to assign secondary group memberships.

On my forum I have lost a couple hundred active users who left the community in frustration over the inability to assign group memberships. I cannot recommend IPB to anyone who's forum relies on secondary groups.

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

Because that user is now a member of the Admin group, (s)he has read access to all private subforums present on the forum whether (s)he is a privileged member of the group that those private forum sections were created for or not.

This part is easy to fix, just use a different group to grant ACP access and make sure to assign it to use a generic permission mask instead of one for admins.
Link to comment
Share on other sites
Dmacleo Mentor

Dmacleo

Posted
Posted

this would actually help me with an issue I have with nexxus not allowing a item not shown in store to be purchased by link.

member requests permission to join group (like vb and smf does) then admins grant or deny it. if granted member can then see the product in the store and buy it as its only shown to that granted membergroup.

Link to comment
Share on other sites
Reality Extractor Newbie

Reality Extractor

Posted
Posted

This part is easy to fix, just use a different group to grant ACP access and make sure to assign it to use a generic permission mask instead of one for admins.

True, I hadn't though of that.

Another issue I didn't think of though is that those who were supposed to only add members to their own secondary group can also add any member to any other secondary group, including adding themselves to the Admin or Super Mod group which then negates the generic permissions you suggested. They won't have admin powers without those permissions having been explicitly granted, but they can at least access all subforums even those they weren't supposed to have access to. This whole thing is a giant cluster duck. :(

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

True, I hadn't though of that.


Another issue I didn't think of though is that those who were supposed to only add members to their own secondary group can also add any member to any other secondary group, including adding themselves to the Admin or Super Mod group which then negates the generic permissions you suggested.

Um no, that's what ACP restrictions are for. You can prevent some (or a group) from being able to do anything that affects admin access. This includes promoting people to admin groups, demoting from it, editing members who are admins, etc etc etc. You have to make sure you cover it all but it can be done.
Link to comment
Share on other sites
Reality Extractor Newbie

Reality Extractor

Posted
Posted

Um no, that's what ACP restrictions are for. You can prevent some (or a group) from being able to do anything that affects admin access. This includes promoting people to admin groups, demoting from it, editing members who are admins, etc etc etc. You have to make sure you cover it all but it can be done.

You cannot prevent someone who is supposed to be able to add a secondary group from adding themselves, or someone else, to a specific secondary group. So if I have a sports team, and I assign someone acp access so he can move forum members in the secondary group for that sports team. The person with acp access has to have "can edit members" and "can move members to other groups" permissions. There is no way to restrict which "other" groups the guy with acp access can move members to. Because of that he can move members (and himself) into any other groups that are supposed to be private to the members of that group.

This creates a situation where the secondary group functionality becomes quite literally useless if there is any kind of sensitive/private information supposedly accessible by secondary groups. Things like team strategies, investment tips, etc. etc. etc. come to mind.

In addition I find it completely unacceptable that someone who's only function is supposed to be to move a member to a secondary group has in effect access to my entire customer database because (s)he can view (and thus save/copy) the email addresses of all my members. Think about it.

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

You cannot prevent someone who is supposed to be able to add a secondary group from adding themselves, or someone else, to a specific secondary group. So if I have a sports team, and I assign someone acp access so he can move forum members in the secondary group for that sports team. The person with acp access has to have "can edit members" and "can move members to other groups" permissions. There is no way to restrict which "other" groups the guy with acp access can move members to. Because of that he can move members (and himself) into any other groups that are supposed to be private to the members of that group.

So what you're saying is that someone can add an ACP group to the secondary permissions even if they're not supposed to be able to give/edit/remove ACP access in any way? If so, then it's a bug and needs to be reported. When you restrict someone from being able to grant/modify ACP access, they shouldn't be able to do it, not even with secondary groups. It's as simple as that. Granted, there are other ways to achieve the same goal unless you lock down the ACP something fierce, but using the member editor tool as it is, it shouldn't be possible. Like I said, if you're saying it is, then it's a bug.
Link to comment
Share on other sites
Reality Extractor Newbie

Reality Extractor

Posted
Posted

So what you're saying is that someone can add an ACP group to the secondary permissions even if they're not supposed to be able to give/edit/remove ACP access in any way? If so, then it's a bug and needs to be reported. When you restrict someone from being able to grant/modify ACP access, they shouldn't be able to do it, not even with secondary groups. It's as simple as that. Granted, there are other ways to achieve the same goal unless you lock down the ACP something fierce, but using the member editor tool as it is, it shouldn't be possible. Like I said, if you're saying it is, then it's a bug.

Not this isn't about ACP access.

GroupLeaderA is a member of GroupA, which is a secondary group, and allows access to a private sub-forum that only GroupA members are supposed to have access to. On the same forum a large number of other private subforums exists for other groups.

The way IPB works is that in order for GroupLeaderA to be able to add members to GroupA is for him to have access to "can edit members" and "can move members to other groups" in the ACP. This access has been granted.

The result of granting this access is now that GroupLeaderA has access to 100% of the member information of every single member of the forum (in effect having access to 100% of my clients). In addition GroupLeaderA can assign any secondary group to any member, including himself. This means that GroupLeaderA can add himself and others to GroupB, which he has no business doing because GroupB has a reasonable expectation that the content they post is private to GroupB only.

Between these two "features" IPB is completely unsuited for forums that have the functional requirement to have private subforums for secondary groups.

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

Not this isn't about ACP access.

We're talking apples and oranges here. What you quoted from me (above) was my pointing out that you can prevent someone from editing a member in a way related to ACP access. ie, limit someone from giving or removing ACP access. I wasn't saying that you can pick and choose which groups each person has control over.
Link to comment
Share on other sites
  • 3 months later...
m3rk0rd Enthusiast

m3rk0rd

Posted
Posted

Guys - if this topic keeps spiraling, I'm going to lock it eventually, and I'd rather not. The request has been made and points have been made as to why some would like it and some don't feel it's necessary. Let's everyone agree to disagree about whether it's needed or not.

For our part, we've heard the suggestion. I can't promise one way or the other if we will build this functionality in the future at this time.

I support adding the functionality. My site depends heavily on secondary groups and my users are frustrated they cannot control who has membership in certain secondary groups. Thanks for listening!

Link to comment
Share on other sites
m3rk0rd Enthusiast

m3rk0rd

Posted
Posted

I take it like==yes.... got a client in a bad spot where he is basically forced to grant acp access for reasons similar to this, as such I work on a mod to do that.

Were you able to create a mod for this? I have kept an eye on the Marketplace but haven't noticed anything. I'd buy it in a heartbeat.

Link to comment
Share on other sites
  • 3 months later...

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...