How Complex Are Category/User/Group restrictions?


(LovePeaceLight For Joy) #1

If I setup:

Group A =
User B, User C

Group X =
User Y, User Z

(not in a group or in a general group (dunno how specifically discourse does groups))
User M

Category L

1. Can I:

restrict Group A to Cagetory L

such that:

UserM or anyone in Group X doesn’t see Category L?

1a. If it can’t be hidden

Can they (UserM or anyone in GroupX) at least is unable to collaborate in topics/comments?

1b. if it can be hidden:

Can User C be restricted from Category L while remaining in Group A?

Question 2

Is there a kind of Public/Private configuration available for categories?

e.g. setup:
Category R, Category S, Category T

set Category R and Category S to be “must log in to see this”
set Category T to “anyone not logged in sees this”

thank you!

I don’t have anything I’m specifically setting up just yet. I want to understand how it works first, so I plan around what it is capable of, rather than fighting against “what is” when I get that far.

p.s. I’m LOVING the customized Discourse classroom I’ve been a part of, but I’m just an end user not an admin, and I can’t really make wild assumptions because it’s been customized.


(Mittineague) #2

Hi LovePeaceLight welcome to the forum

Maybe the easiest way to understand would be pseudocode? eg. category permissions allow privileges based on group membership
if (current_user.has_a_group_id IN category.allowed_group_ids) {
it is not
if (current_user.does_not_have_a_group_id IN category.disallowed_group_ids) {

For example, say there are four members:
all are in the “everyone” group
userTin is in the “tin” group
userBronze in the “bronze” group
userSilver in the “silver” group
userGold in the “gold” group

The “metallurgy” category has
bronze - see (read)
silver - see, reply
gold - see, reply, create (start topics)

Only members in those groups will have access to the metallurgy category and they will have only the privileges of their group.

IMHO, that works well. Where there may be a problem is if what is wanted is that a category exclude a group.

For example, the “alchemy” group is open to everyone except members of the tin group. The only way to achieve this is to have an “all members except the tin group” group and give that group category permissions.

There currently is no “group query” UI that could make the process easier (if there was, it would make it too easy - it’s not something to be done casually) but I’m sure a CLI command could be put together if it was absolutely necessary.


(LovePeaceLight For Joy) #3

perfect, thank you so much for taking the time

and thank you for “speaking code”


(Mittineague) #4

I forgot the “must be logged in” vs. “anyone not logged in” question.

The “everyone” group is all visitors, registered and logged in or not. The “trust_level_0” includes all registered and logged in members.

To have a “must be logged in” category, remove the everyone group and add the TL0 group.

The “anyone not logged in” would be the everyone group, but it would also be open to logged in members, not an “instead of”.