Granular group-based permissions for anonymous and logged in users

There has been a historically confusing pseudogroup called @everyone within our codebase, which can be used for:

  • Site settings which are of the group_list type
  • Category permissions
  • Tag groups

In some cases people are taking @everyone to mean “all anonymous and all logged in users”, and others are taking it to mean only “all logged in users”, where the reality for site settings is that it only means “all logged in users” in most cases.

Further muddying the waters is the fact that this @everyone group can be used on site settings where it makes no sense for “all anon and logged in users” to have access to the feature, such as pm_tags_allowed_for_groups.

This is also confusing from a feature flagging and developer experience perspective, since for some upcoming changes or other settings we may truly want to enable them for “all anon and logged in users”.

Solution

We are introducing two separate automatic pseudogroups:

  • anonymous (ID 4) - Represents anonymous users visiting your site with no account
  • logged_in_users (ID 5) - Represents all logged in users to your site, similar in effect to the trust_level_0 automatic group, but more specific

These have already been introduced, but will only take effect when the granular_anonymous_and_logged_in_groups_permissions upcoming change is enabled on your site.

When the upcoming change is enabled, any setting with everyone as a selected group will have it automatically translated to the logged_in_users ID, so no data in the site settings table will be changed when toggling the upcoming change. When the upcoming change becomes Permanent, we will do a data migration for all group settings to make this change.

In addition, we have marked anonymous as a disallowed_group for several site settings where it makes no sense, for example personal_message_enabled_groups.

What about tag and category permissions?

These permissions will be unchanged, since their concept of “everyone” is different in a few ways and doesn’t rely on the underlying automatic group.

3 Likes
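The read-time translation of everyone and the disallowed_group check described in the post above, as a simplified Ruby model added here (not Discourse's own code). It assumes the legacy everyone group has ID 0 and that group_list values are pipe-delimited ID strings; example_feature_allowed_groups and all sample values are constructed.

```ruby
# Simplified model of the behaviour described in the post; not Discourse source code.
EVERYONE        = 0  # assumption: ID of the legacy everyone pseudogroup
ANONYMOUS       = 4  # ID given in the post
LOGGED_IN_USERS = 5  # ID given in the post

# Settings where anonymous is a disallowed group (setting name taken from the post).
DISALLOWED_GROUPS = { "personal_message_enabled_groups" => [ANONYMOUS] }.freeze

# Assumption: a group_list value is a pipe-delimited string of group IDs, e.g. "0|10".
def parse_group_list(value)
  value.to_s.split("|").reject(&:empty?).map { |id| Integer(id) }
end

# Read-time translation: everyone is read as logged_in_users, the stored string is untouched.
def effective_groups(stored_value)
  parse_group_list(stored_value).map { |id| id == EVERYONE ? LOGGED_IN_USERS : id }.uniq
end

# Validation on save: refuse a value that selects a group the setting disallows.
def valid_setting_value?(name, value)
  (parse_group_list(value) & DISALLOWED_GROUPS.fetch(name, [])).empty?
end

# Groups a visitor counts as: nil means no account, otherwise the user's own group IDs.
def visitor_groups(user_group_ids)
  user_group_ids.nil? ? [ANONYMOUS] : ([LOGGED_IN_USERS] + user_group_ids).uniq
end

# Access decision with the upcoming change enabled.
def allowed?(stored_value, user_group_ids)
  !(effective_groups(stored_value) & visitor_groups(user_group_ids)).empty?
end

# Review helper: which settings are reachable without an account, and which still store everyone.
def audit(settings)
  settings.each_with_object({}) do |(name, value), report|
    ids = parse_group_list(value)
    notes = []
    notes << :everyone_now_means_logged_in if ids.include?(EVERYONE)
    notes << :reachable_by_anonymous if allowed?(value, nil)
    notes << :invalid_selection unless valid_setting_value?(name, value)
    report[name] = notes unless notes.empty?
  end
end

# Constructed sample values; example_feature_allowed_groups is a hypothetical setting name.
SAMPLE = {
  "pm_tags_allowed_for_groups"      => "0",
  "personal_message_enabled_groups" => "4|10",
  "example_feature_allowed_groups"  => "4|5",
}.freeze
```

Running `audit(SAMPLE)` before enabling the upcoming change shows which group settings would be reachable without an account and which still rely on the stored everyone value.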

Wait… what :flushed_face: Does that mean all categories that are now public (everyone) will change to closed ones requiring login, when that is enabled?

No, because:

This only affects group list type site settings that currently allow you to select “everyone” like so:

1 Like