Read Only Users?


#1

Hi There

Is there a way to make a User Read Only?

Some Context: We have a site closed site integrated to our Customer Portal, but would like to be able to make some give some users read only access (can’t create a topic and can’t post). I’ve tried using Access Level One which allows me to prevent them from Creating a Topic, but they can still post. I also tried Blocking the user, which seemed fine but gives a notifiication that they have been blocked which isn’t a good message to give the users, and seems to be miss using this function.

Is there any way built in to have a Read Only User, or alterntively can we change the “Blocked” message easily in a plugin?

Pete


(Joshua Rosenfeld) #2

You shouldn’t need a plugin for that. I am fairly certain you can customize it via the Customize text system…I am not at my dev PC at the moment, however, so I cannot verify this.


#3

Thanks for your super quick response - I didn’t know you could change the text. That seems to work really well!


(John Kennedy) #4

I believe I did it before on the community, just forgot…


(Michael Downey) #5

Couldn’t you:

  • Disable uncategorized topics,
  • Change category permissions so that everyone can only “See”, and
  • Restrict category permissions (Create/Reply/See) in all categories to either a group that you manage membership for, or a higher trust_level?

(Joshua Rosenfeld) #6

I’ve seen this idea come up a few times now on Meta. Someone is running a closed site, needs to give limited access to a user (or small group), and there isn’t exactly a straight forward method to do so. Right now, with category permissions you can give different permissions for different groups of users. If I am not mistaken, if a user is part of multiple groups, they get the broadest permissions available.

Example: Category XYZ is set up so everyone can see, TL3+ can see and reply, and staff can see, reply, and create. If a user is staff, they get all permissions, despite being part of everyone and (maybe) TL3+.

What if there was a way to force permissions for a user based on a specific group?

For example: Category ABC is set up so that everyone can see, reply, and create, and Group random_restricted_users can see. By definition, everyone in Group random_restricted_users is part of everyone, so they have full permissions. Could there be some type of toggle to force those in Group random_restricted_users to follow the group permissions, and not inheret any others? (Staff should be immune to this to prevent locking oneself out of a category).


(Felix Freiberger) #7

I think this “forced group” principle is quite hard to fully grasp. If you really want a finer permission control system, I think that allow and deny permissions are the right way to go:


(Joshua Rosenfeld) #8

@fefrei: That would indeed be a lot simpler to grasp. Regardless of the implementation, a system to make a small group read-only without putting all other users in a group is needed.


(Jeff Atwood) #9

We really don’t want that.


(Peter Bäckgren) #10

I wonder if there’s a good way of doing read-only users by now? Couldn’t find anything although one of the initial posts about blocked could perhaps be used as a not-so-pretty-way.

This was a really good post:

For example: Category ABC is set up so that everyone can see, reply, and create, and Group random_restricted_users can see. By definition, everyone in Group random_restricted_users is part of everyone, so they have full permissions. Could there be some type of toggle to force those in Group random_restricted_users to follow the group permissions, and not inheret any others? (Staff should be immune to this to prevent locking oneself out of a category).

I’ve done my fair deal of permission systems in my days and the best ones tend to get very complicated (well, simple really but almost always end up with inheritance/recursion models which not every coder in the world seems to be able to grasp). So a finer permission control system isn’t needed but forced permissions (no inheritance) or negative inheritance (don’t ask if you don’t get it :slight_smile: ) would be waaay useful. With Discourse it feels like I have a different key for each door in my house if you permit an analogy. Don’t get me wrong, I absolutely love Discourse.

I’ll give a few examples of what we need or what we have created workarounds for. Might explain needs better. No need to give me “better” solutions to how we have done it. Some things might have been done before Discourse had possibilities that are/were better and we are fine with that. Again, everything from here onwards is explanatory…

We use sso for everything. One of the sites has a top level with all the general information and closed off sections for different groups.

We want people to be able to come in and look at the closed off section only, not drown in how Discourse works compared to other forum software etc. So a read only user for one category only would be nice.

We need to allow people to post anonymously (and as much as I hate that, i.e. we almost force people to use their own name and not aliases). Rare, I admit, but perhaps I should give a few examples… Sensitive information (especially about children, parenting groups) and “new ideas” (which might collide with your current employer or maybe it’s not good to show your current employer you are considering other options).
Discourses current way (haven’t checked since Summer 2016 really) isn’t good enough so the sso solution uses a pool of anonymous users that get all links destroyed after a few hours. Basically you can get back in and continue commenting retaining your user for a while. After that all links are destroyed to guarantee you are anonymous (without major ip address, log searching, sleuthing, operator help etc). This anonymous approach still requires you to be a registered user though, hence the need for read-only.