[Jawelin]

I GOT IT !!!
:laugh: :laugh: :laugh:

Finally I managed to create a almost simple algorithm to perform a search of all users having access to a given forum, at any level (usergroup/forumpermission/accessmask), with the right priority order, I think.

Chen, as it's an extension of your hack "List users by access masks", if you agree, I would post my 'version' following that thread, or as a new thread as 3rd party addon to your version ??

Here are the simple starting thesis:[list=1][*]All usergroups have default 'usergroup.canview=[0/1]' access to each forum, unless different specification somewhere else. Table 'usergroup'; lowest priority.[*]Search for group-forum crossed permissions in 'forumpermission' table. First for forum parent items, later (w/ major priority) child forums. Different forumpermission.canview=[0/1]' specification than the previous default could revert it for that usergroup; medium priority.[*]As a result, I'll obtain all the usergroups with canview access [0/1] to the desired forum.[*]Exploding users for these groups, now I have all the users with group-level rights.[*]Now I can check per-user based auths, checking the 'access' table. Based upon the status of 'access.canview=[0/1]' for each user, I can remove or add that user to the previous list. Highest security priority.[*]Finally I have the complete (unordered, but isn't a problem for sql IN statement) list of users having (or not) access to that particular forum.[/list=1]

This way, with ONLY four (4) queries (even they could be reduced with some nice LEFT JOIN, but wouldn't overload my algorithm complexity at this time... if someone... ), I should have taken care of any security items in the VBulletin scheme.

This version works only for two-level categories, but I think an easy extension could be done for recursive multi-level approach.
Iteration is human, recursion is divine...

Hope this will work.
Thank you.
Bye