PDA

View Full Version : Custom Forum Permissions


Sharingan_Okami
08-19-2014, 10:06 PM
Is it possible to allow guests to view a single thread if given the direct URL to thread.

But not allow them to browse through other threads in the same section unless they are registered?

If this can be done, please let me know.

tbworld
08-19-2014, 10:37 PM
Unfortunately, no with the default software. A guest can read any thread as long as the forum the thread is under has been given guest permission. You currently can create a separate forum for these special threads or post and give guests special access to them, but not at the thread or post level. Another guest could easily view some other guest's thread or post, by id, in this forum unless you obfuscate it through a modification.

You cannot set permissions on an individual guest. Default vBulletin was not engineered with that criteria.

We just recently discussed this subject here on vBulletin.org, with brighter minds then mine. I will see if I can find the post later and send it your way. :)

Note: A guest identification system could be setup and implemented, it is not impossible to achieve this.

Sharingan_Okami
08-19-2014, 11:22 PM
Note: A guest identification system could be setup and implemented, it is not impossible to achieve this.

What what i need to customize for such a thing work?

Is this something that can be done without too much custom coding?

Scanu
08-19-2014, 11:28 PM
If you just want some threads to be not listed in the forums but to be still acessible if someone has the link then I think it's not really hard

Sharingan_Okami
08-19-2014, 11:50 PM
It's not just some threads, its all threads.

The system the site requires & has so far is members can post threads. (but can only see their own threads)

You can share the thread with people only via direct link. Even though we have got this far, we just to be able to hide ALL OTHER posts from the guests or users.

Very private.

For example lets say you get the link to go to : forum.com/catagory1/thread.html
we need to block access to the forum.com/catagory1/ area so that they cannot view other people's posts. Only the direct thread.
Could this be possible?

tbworld
08-19-2014, 11:51 PM
I am not sure if we can help you, but to start with you would need to describe your need in detail. :)

Sharingan_Okami
08-19-2014, 11:56 PM
For example lets say you get the link to go to : forum.com/catagory1/thread.html
we need to block access to the forum.com/catagory1/ area so that they cannot view other people's posts. Only the direct thread.
Could this be possible?

Another example:
vBulletin.org Forum / vBulletin 4 Discussion / vB4 Programming Discussions/

Is it possible to not allow anyone not even members to browse threads.
Just to be able to reach the thread if they are given the thread id. https://vborg.vbsupport.ru/showthread.php?t=313809

This is pretty much all that is needed for the project to be complete.

tbworld
08-20-2014, 02:26 AM
Another example:
vBulletin.org Forum / vBulletin 4 Discussion / vB4 Programming Discussions/

Is it possible to not allow anyone not even members to browse threads.
Just to be able to reach the thread if they are given the thread id. https://vborg.vbsupport.ru/showthread.php?t=313809

This is pretty much all that is needed for the project to be complete.

Is this still for a guest account or a registered user account?

Sharingan_Okami
08-20-2014, 02:38 AM
The plan is to block browsing for both guests & users. Kind of like a vault/thread hosting.
Just like an http://puush.me for example.
You can share the link of the file (for us its a thread) and the only way anyone should be able to see it is via direct link. And they cant just browse through your threads.

I have made multiple examples. It's a very basic idea but i am not sure if the coding or modifying of the permissions is the same.

Scanu
08-20-2014, 10:10 AM
I'm not sure i'm just trying, you could search on showthread.php for the condition that give no permissions (line 238)

// ************************************************** *******************************
// check forum permissions
$forumperms = fetch_permissions($threadinfo['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) OR !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']))
{
print_no_permission();
}
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) AND ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] OR $vbulletin->userinfo['userid'] == 0))
{
print_no_permission();
}

You have to remove one of these 2 conditions depending on how you set permissions for guests and users in that forum
If you remove this condition, guests and users aren't allowed to use a forum so they won't see the forum (and it's listed threads) on forumhome.php and forumdisplay.php but if they know the link of the thread then they won't get a no permissions message but they'll be able to see the thread

Sharingan_Okami
08-20-2014, 03:17 PM
I attmpted by removing both, but was still able to browse through all the threads.

I appreciate the help though, just didnt work :(

Scanu
08-20-2014, 04:54 PM
You also have to set forum permissions to guests and users if you didn't set them yet

tbworld
08-20-2014, 08:31 PM
I cannot see a simple secure solution to your inquiry. You can produce the look and feel of what you are looking for -- if faking it is okay, but establishing a secure method will take a bit of work. Changing the permissions of one module here does affect other modules and most likely other modifications that you are already using. You would need to be able to alter the code as these problems arise.

Assessment under current vBulletin
----------------------------------
1.) Doable - It would be possible to hide the forum so that it is not viewable. Reading of the thread or post is possible, there is no issue. Security could only be established by an obfuscated link. (You would be on your own for the obfuscated link.)

2.) Advanced - Having a guest write to a thread or a post is a security issue and precautions must be taken. A new permission would have to be established and triggered from the obfuscated pushed link. (If I understand your request correctly.)

3.) Advanced - Unless an additional thread permission is added, it would not be possible to secure it from prying eyes. This might affect the performance of your board. Several modules would have to be altered to accomplish this.

If option (1) is all you need, then I think we can give you a rough start. If you think you have the capability to handle the other options, layout what you are thinking in psuedo-code and we will try to fill in the blanks for you, as I have already given this subject some thought.

PS: Showing your project code will always yield you more qualified assistance. :)

Take Care :)