When adding the groups permission restrictions alongside “Everyone can” (do everything) the permission vanishes.I guess somewhat unsurprisingly because there’s already a permission stating that “Everyone can do everything” that super cedes their permissions rule.
So at a glance it looks like in order to get this to work I would need to remove “Everyone” from 90% of the other cats and sub cats and then add back level 0 can, level 1 can, level 2 can, level 3 can, level 4 can, BUT this group cannot.
That’s going to be a fair amount of work - is there a more elegant solution to this? I feel like I might be holding the stick by the wrong end or something.
So it sounds like if there are any categories that should be accessible to “everyone,” then you’ll need to remove “everyone” from the other categories.
You don’t need to add “l1” and “l2” since “L2” by definition includes L1.
Most communities have most categories open to everyone. If your community is one where most people are not full members and are excluded, you’ll need to remove everyone from all of the categories. If there are more than a dozen or so, you might want to search here to find out how to use the Rails console to act on a bunch of categories at once.
Thanks, I’ll look into the console to make it less painful, do you happen to know if the trust level “Can do” would override the group setting?
Example is I have categories 1-10.
I want to restrict “Group A” to category 3 for creation of posts and topics and have it so they can “see” everywhere else, categories 1-10.
If “Group A” has for instance Trust Level 2 assigned to it through the:
Trust Level
Trust level automatically granted to members when they’re added:
Setting then do you think that “Users level 2 CAN post to categories 1-10” will render the group setting useless? If you’d need to go away and test don’t worry about it of course, just if it’s off the top of your head and you knew. I can test it when I get in but I have a creeping suspicion that discourse is going to let them through nature of their trust level post everywhere else as well.
Which means to get that to work in theory would need a hard segregation of users over trust levels across the whole site and killing of organic trust level promotions.
There are several default groups that represent the trust levels, e.g. trust_level_2 which contains all users at trust level 2 and above. Use those where possible as they are managed for you.
Create a group “Vendors” lock that group at TL0 or TL1. When a Vendor joins, lock the user at TL0 or TL1. Give TL0 read/reply access to the Vender Agenda category.
But you’ll still need to remove everyone from the trust levels of all the categories.
Make the TL1 (or TL2) permissions such that your normal users won’t be locked out for long.