Why users removed from a group still have their privileges?

If I add a user to a group I gave him an automatic trust level 3.

But if I remove a member he remains to TL3.
IMO if a user has been removed from a group, his TL must returns to his natural TL (that can be TL3, of course).

I can do that manually, because our groups are little (max 20 users for the primary group).
But if I have to do the same thing for a very big community, manage each user individually become frustrating.

Example:
An user left our forum, I remove him from the primary group, after 73 days (last visit) he still have TL3.
But if I see the requirements:

Is it possible automatically remove a certain TL when a user has been deleted from a group?

I believe they have the permissions for both of those separated. They’re treated like two separate groups, so you’d have to remove them from both manually unless you made a query to do that for you. I don’t see a way to do that automatically but I only looked for a minute. Maybe it was just not thought of when adding the promotion from group functionality.

1 Like

In this case maybe add a little “Warning” is helpfull. So an admin can decide to enable or not this functionality, and he knows that a certain TL is not automatically removed with the user.

That’s because I see today that some users removed a long time ago are still TL3.

Well at least for now, if you feel you’ll forget you’re able to modify the text of the settings box for your instance to add in that warning.

I haven’t experimented with any “automatically grant trust level” settings.

But AFAIK trust_level_3 is revocable… That is, after the “grace” period, if the qualifications aren’t met the account is removed from the group.

I believe the grace period is two weeks.

I’ll look at some code as soon as I can, but my guess is the problem involves referencing different timestamp fields.

Generally yes, but in this case this setting seems not works for users removed from a group.
Another example

Last visit 83 days ago, I removed him from the primary group something like 60 days ago. And he still have TL3.

Like I said, I can manage users manually, that’s not a big problem because we have a medium community but a very little number of users in our staff :smiley:

I’m asking myself how large community can do the same thing manually.

I think my confusion about that is if this is a bug or a normal behavior.

The few files I’ve looked at so far have conditionals testing for “locked”.
When you look at a members Admin page, is the TL3 locked?

3 Likes

Yep, it’s locked.
Now I understand why this members remains to TL3, thanks @Mittineague.

4 Likes

Ah, found it.

app/models/group_user.rb has this

  def grant_trust_level
    return if group.grant_trust_level.nil?
    if user.trust_level < group.grant_trust_level
      user.change_trust_level!(group.grant_trust_level)
      user.trust_level_locked = true
      user.save
    end
  end

I guess having the code not set locked to true could be done.
But if it wasn’t locked then any that did not meet the requirements would lose TL3 after the grace period.

I’m thinking it would be less work to unlock removed members than it would be to re-promote group members - if that needed to be done. Maybe if the locking was changed it would cycle through revoke - grant when the job ran?

4 Likes

Your imgur.com images are not visible (to me anyway). You might not know that you can just ^V to paste an image into the composer/editor here, obviating the need to post images somewhere else first.

Yes I know…a little incident on imgur in the morning and I delete an album… :disappointed_relieved:

Images reloaded.

2 Likes