How to change the security/permission settings of staff category?


#1

The staff category is seen to all the staff members (which includes the moderators)
I don’t want the moderators to see the stuffs that I have inside the staff category (like the FAQ page, TOS page etc.)

So, I thought of changing the “Staff” category permission and this is what I can see there

So, it is not letting me change the permissions. Rather it says that I should be deleting the category and then create a new one if I want to change the permissions.

Will this work

  1. Create a new category named “staff2” with right permissions (just the admin should have access to it)
  2. Move all the topics from staff to staff2 (just those 7 default topics, nothing else)
  3. Delete the staff category.
  4. Rename “staff2” category to “staff”

My question:
The “About Us” page has links to the pages like TOS, FAQ etc. Since I moved those topics from the old staff category to the new staff category - will the links be broken? If so how to fix it?


Modify the category Authorization
(Bhanu Sharma) #2

Do You really need the default articles?

Theoretically the Process should work but I’d highly suggest that You better rebrand staff to something better if You are going to make a new category anyway!

We have a Moderators Category which is set to default to anyone who is promoted to Moderator or above.

Not sure if Permalinks etc can create Issues if same name is repurposed.

About the Links, Those can be edited in Your Forum’s Admin Settings (We Use static HTML Policy pages outside of forum so I know it can be done)

EDIT: Visit Settings > Legal There You can enter URLs for all three

Screenshot-2017-11-21 BeatParadise Forum


#3

Can you share the screenshot?


(Bhanu Sharma) #4

Added Above!

You can check under Admin > Settings > Legal (in the side menu)


#5

@itsbhanusharma
That’s exactly what I wanted.
Now I’m going to delete the staff category.


(Bhanu Sharma) #6

Glad to help.

Maybe try exploring admin settings sometime :wink:


(Daniela) #7

This DO NOT work. Staff category is hard coded inside Discourse, it’s not a normal category. You can rename staff2 to staff (via rails C, not via GUI) but if Discourse change something inside the original Staff category you will never receive the updates (e.g. in the years they have implemented basic thread for staff like site assets topic, topic for admins etc…). You will receive only the nginx perfomance report (if it’s active) and stop.
For personal experience, deleting the staff category is a very bad idea.


(Bhanu Sharma) #8

But I have it deleted in one of my forums and There had never been any bad consequences so far! :thinking:


#9

:heart_eyes: Here is an “awesome news” :heart_eyes:

I moved the TOS, Privacy policy, FAQ etc. from staff category to “a new category”. And nothing broke :slight_smile:
That’s all I wanted to do.
Now, the moderators are not going to see those pages. That’s all I wanted to do. :slight_smile:
Best part - I don’t even have to delete the staff category now. Let it be there. :slight_smile:


(Daniela) #10

In fact I said a bad idea, the only consequences I have now is that I do not have the standard threads of all other forums (for future admins). My primary problem was that I did not receive nginx reports.
However, it is best to avoid touching the staff category if you do not know what you are doing, so it is not easy to recreate it if necessary (imho).
For example my boss deleted it in 2013, at the time there was maybe only 1 thread I think (I do not remember exactly).
When we then decided to activate the nginx report we noticed the trouble that had happened.


(Bhanu Sharma) #11

You can get Nginx reports from the container as well!


(Daniela) #12

Sure, I can, but all other staff members who do not have access to the server can not.
Then who checks if there are problems, for example with links, since I’m lazy busy with other things? :yum:


(Bhanu Sharma) #13

That’s why they are staff members and not sysadmins! :thinking:

Ps: even if a staff member finds out something is wrong with nginx then they have to report it to the sysadmin for a fix. So the sysadmin is going to do the thing and look into all the logs visiting /var/log :wink:


#14

My problem is just the other way around: :confused:

For some reason, our Moderators cannot see or access the “staff” category (only Admins can), which is quite strange and does not fit with the documentation.
Neither me nor my Admin colleagues remember to have changed anything regarding this.

Any ideas on how to fix that?

OK, I managed to fix it manually by fumbling with the database:

# enter running Discourse container
./launcher enter my-discourse-app

# enter database
su -c 'psql discourse' postgres
-- get 'staff' category id
-- (via https://meta.discourse.org/t/reinstate-staff-category/52232/2)
SELECT * FROM site_settings WHERE name = 'staff_category_id';
--> 4

-- get 'team' group id
SELECT id FROM groups WHERE name='team';
--> 3

-- look up permission types at https://github.com/discourse/discourse/blob/master/app/assets/javascripts/discourse/models/permission-type.js.es6#L6
--> 1 = full access

SELECT * FROM category_groups WHERE category_id = 4;
--> No result! :confused: 

-- manually insert permission into database:
INSERT INTO category_groups (category_id, group_id, created_at, updated_at, permission_type) VALUES (4, 3, NOW(), NOW(), 1);

It seems to work now, but it did not feel quite right… Because of: