Wedge

I'm just wondering what board moderators are allowed to do that is, or is not included in the moderate_board permission...

can_mod is "do I have access to the moderation center[1], or am I allowed to moderate at least one membergroup or board, or approve posts to some extend?"

Instead of the other way around... In that respect, I don't know why Load.php has $context['allow_moderation_center'] = $context['user']['can_mod']; at some point when it should be using the permission, directly...

And the ONLY place it's used (although it's repeated a couple of times), is whether the user can see the Warning button on a userbox...
That smells like "REMOVE!" to me...

The UI could be better, I think.
For instance - just an idea - one could simply 'hide' them profiles at first. You set up permissions for a board. Then when you create or edit another board, you get the ability to apply another board's permissions. At which point, its permission profile is used. Otherwise, a new permission profile is created for the new board. Only problem is the 'default' name for these profiles.

I love how you are quick to adapt! Earlier today you said you'd never heard about it.

There's another thing with inherited board permissions. We absolutely need to document this in a Help icon or something. Have something right next to the option list, saying what they'll do. I always, ALWAYS get confused between copied permissions and inherited permissions (i.e. nothing is copied, just using the original's on the fly). Perhaps we ought to rename the terminology. "Copy permissions" and "Mirror permissions", maybe...

We'll probably have to leave it at that for the first versions. There's no time to deal with that, and the SMF importer will get the original permission profiles anyway, so people are likely to have already solved their permission problems already... (It's for new users that it gets annoying.)

leave 'groups' in as a possibility? Can always be removed later...

- add a 'privacy_id' field?
- best solution for performance? What should the extra index(es) look like?

They get their name on the linktree, on the board index and their badge is altered on the fly.

They're also, silently, added to group 3 when in that board, which means you can do permissions checking in that respect.

Again that's the historical aspect. It was never supposed to be entirely based on the permission but showing you the area if you could do at least one thing there - much as you get access to the admin tab if you can do any of the admin like features (e.g. news, manage permissions, manage membergroups etc.)

Quote

And the ONLY place it's used (although it's repeated a couple of times), is whether the user can see the Warning button on a userbox...
That smells like "REMOVE!" to me...

DOOOO EEEET. Basically, yeah, it was a historical thing that was never quite realised the way it was intended.

Which is virtually how 1.1.x did it, except it still created proper per-board permissions rather than having discrete profiles.

I wasn't very clear on that point. I knew of the mod cache subsystem, but I wasn't aware of all the details and precisely what it covered - namely the ap element.

But combine the places it is used, with the knowledge of what it actually contains and it becomes rather clear (to me at least) what it was intended for. It's like having 3/4 of the pieces of the puzzle and then suddenly you find that last piece and it all suddenly makes sense.

Oh, it's horribly confusing, which is why I didn't even implement it in SimpleDesk but left it simply as the ability to copy a role, rather than to mirror it.

The other thing with the mirrored permissions is that most mods for SMF never used them properly - not even SimpleDesk got it right, and I don't believe Aeva did either.

(Case in point, I reordered all the groups on my one site to have a bunch of groups, one per user, for unique badges/titles because I'm like that. Each of these new groups was based on a higher group that controlled permissions - but neither SD nor Aeva responds to the child groups properly and I had to end up assigning the permissions in both to all the groups, not just the parent group.)

I like the idea but I'm concerned it would potentially lead to greater complexity.

I'm also not sure you can actually optimise it *that* far, though, and there's a lot of places that use ?topic in the URL to handle permission loading.

Storing it in the topics table is going to hurt. Storing it outside the topics table is going to hurt too, just in a different way, and neither is lightly ignored.

Putting it in the table as a textual id with a list of groups means the query becomes WHERE t.privacy = something OR (t.privacy = 'groups' AND FIND_IN_SET(...)) which is expensive enough.

Meanwhile, putting it in a separate table means either a subquery, or a join, both of which being applied to potentially every topic in a board (or worse) to validate access is going to get very unfriendly very quickly.

I don't think you're crazy, but I also don't think there's a good way to achieve this meaningfully for topics.

Regarding applying it to thoughts, I'd actually be inclined to handle that in permissions (permission to post, permission to read, permission to read replies, permission to reply, etc.)

Which I don't like, BTW... On wedge.org/new, we no longer have our Developer badges, because we're moderators. It sucks.

What permission checking? You mean do in_array(3, $user_info['groups'])?
Don't they automatically get all post/topic-related permissions, more simply?

Sure, but the admin area (which was never just only about administrators) isn't like the mod center, which was designed specifically to allow people to deal with whatever sub-par permissions they had, without giving them access to the admin panel.

This must be some kind of a joke... I mean, moderators get the 'right' to see the Warning button, but then if they try to click it (from what I gather), they'll get kicked out because area=issuewarning only checks for issue_warning perms to be set...
And AFAIK, this kind of permission isn't given automatically to moderators.

Yeah, and it's just simpler in appearance, but still the same under the hood...

Complexity internally? I don't think so. In the UI? Definitely.

So, what about it then...? Shall we use it in query_see_topic?

Tell you what. How about you look into it a bit? Now that my work is committed, you may want to simply deal with it by yourself, because nobody will deny you the fact that you're one of the most knowledgeable SMF/Wedge devs when it comes to permissions. And optimization.

Mirroring is still a great thing. I mean, it allows you to give someone a different membergroup name, even if it's the same group in the end.

So, do you think we should rename..?

I'm not sure what this implies.

Although I could imagine people wanting to send to multiple contact lists, which sort of defeats the concept of having a select box for privacy...

When it comes to contact lists, would be a sub-select. (Pretty much like what UltimateProfile does...)

Now, of course, this performance issue would only happen for members (guests and admins are easily discarded), and only for topics/thoughts where a non-default choice is set... (And when it comes to topics, it's always fast enough to scan that table innit?)

SMF team already complained enough about the performance killer that is m.approved... Heck, it's just a simple flag...!

I don't see how/why...

topic has privacy set to contact list = 42.
user is in contact lists 41 and 42.
user wants to view. Test is done on "privacy=contacts_41 OR privacy=contacts_42". Well, obviously that would make a VERY long query if user was in thousands of contact lists, but then we're pretty sure it's only ONE field that's indexed... Even if it's a string field by now.

There is an override in loadMemberData that if you're an admin, the badge won't be overridden by the moderator badge.

They do get all the related permissions automatically,

but on top of that a plugin or whatever can expressly check for being a moderator with that in_array check, should they want to do so (as opposed to checking allowedTo(moderate_board))

Hell yes. The biggest complaint I've had is taking into account approve-posts permission - and there it is, right there, pre-cached and 'dealt with' already.

Also, I thought you were still working on it at present?

I think renaming it would help, but I think overhauling the UI will help even more in the long run - but the rename is good for now.

The implication is that a surprising amount of places simply do not use the underlying functions to confirm access at all. I discovered this last night - Display for example does not itself do {query_see_board} in the topic to validate access to the topic, it relies on loadBoard having already done it.

Point is... make *sure* loadBoard is working correctly as far as access to boards goes, and to topics if a topic is specified, and that has a lot of knock-on effects, not just for display, but anywhere ?topic is in the URL (e.g. attachments, remove topic, just to name two)

See, the notion of having a single group or contact list never actually occurred to me, I assumed right off the bat that multiple lists was the aim.

I'm not nearly familiar enough with what UP offers, perhaps I should learn!

Right now, it's 'relatively' cheap. It's still fixed-length rows, but the minute a text field is added to it to contend with the whole aspect of multiple groups attached to it, it's going to get expensive (and the alternatives, like SET columns, aren't really good alternatives).

I understand the nature of their complaint on it - being a binary state field, you can't actually optimise it that heavily in an index. An index works best if it's selective, or at least sufficiently distributed such that picking a value excludes a sizeable percentage of the rest of the table. approved being a two-state field is never going to exclude vast amounts of the tableset so you never get any advantage out of indexing it.

We'd actually get more benefit from keeping an accurate track of moderated posts in a topic and topics with moderated posts in a board - so if there's nothing that has pending moderation status in that board or topic, don't perform that test.

Because you don't have to expressly store it in the table then. For example, if you handle 'view replies' as a permission, you can simply exclude massive portions of the table, very cheaply.

The test is really (privacy = contact AND privacy-list IN (user contact lists)), isn't it? Since the user's contact list will be part of the user's own data and thus available for query insertion?

I still don't like it. I don't like that you're forced to wear a Moderator badge when you should have the Developer or Boss badge. Teaches people some respect

Are you sure really...? I tried looking for 'issue_warning' for instance, and neither Load.php or Subs.php have it. Only ManagePermissions.php which seems to do some voodoo about it, but what does it mean? That once you're set as a board moderator, these permissions are assigned to you automatically, hard-wired style, visible in the database and all? And that these permissions are removed when your status is removed?

Confusing, really... More confusing than the allowedTo().

Can you share your opinion on this? It's untested...

After all, it's not like adding query_see_topic will break anything. It can be done gradually

I wouldn't be able to determine what's best, between "mirror from profile..", "mirror profile", "alias of profile..." or whatever makes sense.

Hmm, well... As long as it works...

I'm afraid I still don't get it. But don't bother...

But, for some reason that escapes me, I ended up removing the feature (possibly because it was seen as too complex?), so here are are.

I just said that if we have to store an extra integer for the contact list ID, then we might as well enable Wedge to store a group ID in that same place...

Let's just say that UP has three good things

I see... I imagined that varchar fields only made the index bigger, not slower, than an integer field.

Hmm. So the same problem awaits us. A vast majority of topics and thoughts are gonna be public, so granularity or whatever will not be to our advantage...

Err, yes? I suppose so...
So it's faster, then? Indexable?

Sadly, no. If it never checks for being enabled or not, but always checks anyway, there's a performance hit attached. It's just not one you can avoid by turning the feature off...

That's really more of an SMF issue; in their case, post moderation is a very specific feature, disabled by default, so you get penalised by default whether you use it or not.

In our case, I'm really expecting users to use it more than SMF users make use of post moderation,

Well, if it's turned off, m.approved should no longer be tested against, should it...?

...Unless you never enable it..?

Is it enabled by default in here?

Quote

Well, if it's turned off, m.approved should no longer be tested against, should it...?

No, it shouldn't.

No, you're still penalised either way. If you never check for it at all, you're basically assuming it's enabled whatever - and with the performance issues attached.

No. But in any case, moderation filters is quite a different beast. The way postmod_active works now is that if there are any rules to be applied (of any kind), postmod_active is true. No rules to apply (of any kind) = no post moderation. So there's a performance gain potential if you *never* use that feature.