Page 1 of 1

phpBB permissions... this dont seem to work?

Posted: Tue May 20, 2008 4:35 pm
by Ornette
I thought I'd try a tactic to hide forums from view (other than by mods & admins), but to still let individual topics/posts be seen,

by setting "View" to MOD and "Read" to ALL

but it dont seem to work like that? Why is this? am I doing something wrong?

Example here
http://www.classifiedlistening.com/foru ... c.php?t=31
this is a link to a thread on my test forum, a thread which is held in at f=2, but with those settings above, no normal users can see the thread.

Would like to know if I can get this to work

Re: phpBB permissions... this dont seem to work?

Posted: Tue May 20, 2008 5:52 pm
by Jim_UK
What you are trying to do is not possible.
If the forums are not there to view then the topics can not be read as there would be no link to them.

You would have to provide links to the topics that you wanted "All" to be able to read.
This does sound a very strange thing to try and do. Can I ask why - what the purpose is.

Jim

Re: phpBB permissions... this dont seem to work?

Posted: Tue May 20, 2008 8:54 pm
by Ornette
Jim_UK wrote:What you are trying to do is not possible.
If the forums are not there to view then the topics can not be read as there would be no link to them.

You would have to provide links to the topics that you wanted "All" to be able to read.
This does sound a very strange thing to try and do. Can I ask why - what the purpose is.

Jim
Yes that is exactly what I am trying to do.

Im just trying to sort out a content backend for a website. I.e. I wanna implement some blog technology, and pull up info from threads and display on the main site. But I dont want access to it to be provided via the forum.

Hiding the viewforum.php from all but mods & admins is what I wanna do, but then, allow the threads contents displayed on the main page.

I've got another method to work around this, but really, I want to be able to do this via permissions, like what auth_view=mod / auth_read=all would suggest I could do!

Re: phpBB permissions... this dont seem to work?

Posted: Tue May 20, 2008 11:26 pm
by ChrisRLG
I have done this with v3 but not with v2.

Check out the link below to my v3 forum - and see if you can find the topics the website pages are made from.

Yes they are in the forum, but unless you have a direct link, you cannot get to them without moderator status.

The way I did it is to have the room readable, but not viewable, and have it as a sub of a room they have no permissions for in any way.

As it is readable the topic will display for them to view. I also used another room with registered status required to provide one of the pages so it was only available to registered users.

That might be a good reason for you to upgrade to v3.

Re: phpBB permissions... this dont seem to work?

Posted: Wed May 21, 2008 5:23 pm
by Ornette
ChrisRLG wrote:I have done this with v3 but not with v2.
Thanks for your reply chris. It seems to me that I have found a bug in the phpBB2, if auth view is not just to define view access to a forum then what is it for?

I thought I'd ask because I thought that maybe it was disabled or something at some stage - as I just recently noticed auth checking on the forum "jump box" is commented out, in 2.0.23 at least. Perhaps someone decided that auth view was a security risk and changed its behavior or something

Now I did say I had a work around, although it would be good if I could resolve the problem in the manner I have described. Butn o, what I have done is implemented a sub-forum mod putting them 'content' forums inside a parent forum, making that parent forum permissions to mod & admin only...

It stops the sub-forums being directly accessable at least, which I what I want, hidden to the public unless you guess the forum id ;) hehe... Its not perfect but it's hidden enough for my purposes I guess.

So if this is not a bug, what is it, a design oversight?

As for phpBB3, well I'm having too much fun with phpBB2 already! saddened by the early retirement, as I have said elsewhere, I had only just gotten into it all haha! But the next forum/site I start, I'll do it with v3 instead ;)

Re: phpBB permissions... this dont seem to work?

Posted: Wed May 21, 2008 5:49 pm
by Jim_UK
View access allows the user to see the forum - Read access allows them to -- well "Read it"

I am not sure why you think that is a bug - I doubt if anyone would have considered anyone wanting people to be able to read the contents of a forum that they can not even see as existing!

Jim

Re: phpBB permissions... this dont seem to work?

Posted: Wed May 21, 2008 6:15 pm
by Ornette
Well, conversely, why would anyone want to see the contents of a forum, but not read it?

Chris and I have given examples of why such behavior would be wanted, I don't see why it would not make sense to anyone to assume 'auth_read' means yes you can read a thread, i mean, "auth_sticky" doesn't mean you can make a forum 'sticky' now, does it

Think its a bug, imo

Re: phpBB permissions... this dont seem to work?

Posted: Wed May 21, 2008 6:20 pm
by Jim_UK
Ornette wrote:Well, conversely, why would anyone want to see the contents of a forum, but not read it?
That is often done as an enticer to register. If prospective users can see that the forum exists but they have to be a member to read the contents ----- agreed?

Jim

Re: phpBB permissions... this dont seem to work?

Posted: Wed May 21, 2008 6:59 pm
by Ornette
Hmm I guess there are reasons for both... ;) I must say, I don't think that the two permissions shouldn't be exclusive though, auth_view in this instance is having the properties of viewing the forum & reading the posts here...

Maybe I will see if I can figure out where in the code this is calculated, if I can figure a 'fix' I'll post it here... Maybe it can be added to 2.0.24

(2.0.24? am I crazy? :lol: )

Re: phpBB permissions... this dont seem to work?

Posted: Wed May 21, 2008 10:48 pm
by ric323
Ornette wrote:Maybe it can be added to 2.0.24

(2.0.24? am I crazy? :lol: )
phpBB2 has been "feature frozen" for two years now. Updates are ONLY released if there is a security problem discovered.

Re: phpBB permissions... this dont seem to work?

Posted: Thu May 22, 2008 10:19 am
by drathbun
The typical approach is to simply retrieve the info from the database and display it yourself on your extra pages, that way no phpBB permissions come into play at all. You appear to be wanting to take a shortcut and have the page viewtopic.php used to display the content from a link on a page other than viewforum.php. That's not really the way it's intended to work. :)

The code to check authorization in the jumpbox has been removed for ages. Rather than using the specific permissions to display hidden forums, the jumpbox is quite simply restricted to show only public forums. The line of code that checks that is further down in the code.

As far as view versus read being a bug... in my opinion the permissions are graduated. Meaning you must have VIEW before you can have READ, otherwise it does not make sense. :) View permissions are used (as Jim_UK suggested) to determine if the user can see the forum name. Read permissions are required to actually open and "read" the forum contents. For your own board you might be able to fix this with a very simple change in viewtopic.php:

Code: Select all

if( !$is_auth['auth_view'] || !$is_auth['auth_read'] )
{
Simply remove the check for auth_view and leave only auth_read instead. Don't know if that will work, but it's a start.

Re: phpBB permissions... this dont seem to work?

Posted: Wed May 28, 2008 1:40 pm
by Ornette
drathbun wrote:The typical approach is to simply retrieve the info from the database and display it yourself on your extra pages, that way no phpBB permissions come into play at all.
Thanks for your reply Drathbun. Your page on the phpBB tables has been an invaluable assistance to me over the last few weeks. Excellent reference - very much appreciated!

Having explained the rationale behind the forum permissions, I can see that having auth_view as an over riding property is probably the wise approach by yourselves. Making sure the one permission overrides the others prevents any oversights and I suppose anyone in a normal instance would expect it to prevent any of the others having an effect. So, not a bug :)

Regarding my query, I have been using the phpBBfetchall scripts to access the phpBB database. Being, at the time, I had no skillz at php in general, this was a simple way for me to get what I wanted done. Its probably a better way than using SQL directly, I prefer that all the error handling is done by the phpBB system itself. This is why I would want access to threads that are hidden in forums inaccessable to normal users.

Your solution looks very simple and I may very well just enable that approach to get the effect I am after! At the moment, I *have* managed to achieve a work around as mentioned, by using a 'sub-forums' mod - so we'll see.

Only one thing annoys me about it at the moment - when I disable the forum it completely breaks my main site page! the phpBBfetchall scripts return the "Sorry, but this board is currently unavailable." screen destroying all other content on my page :lol: What a pain