Parent category with more restrictions than subcategory

(Michael Pavey) #1

Here is where I have got to:

  1. Set up a new test instance of Discourse
  2. Created a category Cat1 and a subcategory Cat1a (let’s call them)
  3. Created a group Group1
  4. Set Cat1 permissions to “admins can create/reply/see”
  5. Set Cat1a permissions to “admins and Group1 can create/reply/see”
  6. Logged in as admin still, created a topic Topic1 inside Cat1a
  7. On the invites screen, invited a new user User2 by entering his email address (in fact, my email address with +cc before the @ sign) and selecting the Group1 group
  8. In a different browser, accepted that invitation
  9. Still as User2, went to my profile and changed my username and requested a password
  10. As User2, clicked the password link I received by email and set a password
  11. As User2, went to the homepage
  12. I was able to see Topic1 (though it had no mention of the category next to it)
  13. Clicking gives me a blank screen except for the header bar
  14. Hitting refresh gives me an entirely blank screen.

This seems like a bug to me. But is there something in the permissions I need to correct to make it work?

(Neil Lalonde) #2

Having a parent category that is more restricted than its subcategories causes problems currently. It’s a bug, although I don’t understand how this scenario is useful… Cat1a shouldn’t be a subcategory if you want it to be visible while Cat1 is restricted, imo.

(Michael Pavey) #3

Thanks! I changed the permission setting and User2 now has access to the thread as expected.

Here is the use case:
We are looking into using Discourse to help us foster private discussions between a project developer, who has multiple projects, and panels of experts. Each panel will be invited to discuss a specific project. So there are two tiers of access required:
Tier1: (certain) employees of the developer, who should have access to all the project spaces
Tier2a/b/c: discrete groups of individuals assigned to specific projects

My plan was to set up Cat1 as a space for all discussions for the developer, with a group Tier1 given access to both this and all subcategories. Then, set up subcategories Cat1a, Cat1b, etc. corresponding to the different projects, with group Tier1a given access to Cat1a, group Tier1b given access to Cat1b, etc.

Is there a better way?

(Neil Lalonde) #4

One idea:

Parent category (developer name?): Michael (everyone can read, only admins can post)
Subcategory: Employees Only (restricted to admins)
Subcategory: Project Name 1 (admins, and project 1 group)
Subcategory: Project Name 2 (admins, and project 2 group)

The Michael parent category could have public announcements, or no topics.

(Michael Pavey) #5

Great, thanks! I’ll give that a try, sounds like it should work.

(Alex Armstrong) #6

Is this bug still existing?

I just run into some permission weirdness. I have a category called Groups which is only accessible by admins and several sub-categories with their own permissions (based on group membership) for various standing committees. I just use the Groups category to organise the site, so i can get rid of it if required. At the moment it seems to prevent people from accessing the subcategory. They can access the topics, but they don’t have access to the subcategory itself. It’s kind of weird.

(Kane York) #7

Yeah, you need to give See on the parent to anyone who can See any of the subcategories.