User permissions audit: incorrect permission assignments
Posted: 06 May 2013, 16:22
Hi all,
During an audit of forum user permissions, I noticed that some user accounts had forum permissions explicitly defined, which may have inadvertently locked these users out of several user features (i.e. private messaging) or allowed them to bypass certain restrictions (such as the post flood limit, for example). Most of these were accounts already banned (these cases were legacy permissions from the conversion to phpBB 3.0.x performed in August 2008), but there were some active user accounts in the list which have happened since.
I've reset permissions on the active accounts so that they should be inheriting the user permissions assigned to the usergroups that those members are a part of, as things should have been in the first place (it makes administration of the board considerably easier if permissions are assigned to user groups and not to individual users, particularly if/when users are moved between usergroups). I will shortly be contacting the affected users via private message to verify that everything is correctly set up for them.
If you do not receive a private message from me regarding this announcement by 2013-05-06 17:00 UTC+2, you may safely ignore this announcement.
During an audit of forum user permissions, I noticed that some user accounts had forum permissions explicitly defined, which may have inadvertently locked these users out of several user features (i.e. private messaging) or allowed them to bypass certain restrictions (such as the post flood limit, for example). Most of these were accounts already banned (these cases were legacy permissions from the conversion to phpBB 3.0.x performed in August 2008), but there were some active user accounts in the list which have happened since.
I've reset permissions on the active accounts so that they should be inheriting the user permissions assigned to the usergroups that those members are a part of, as things should have been in the first place (it makes administration of the board considerably easier if permissions are assigned to user groups and not to individual users, particularly if/when users are moved between usergroups). I will shortly be contacting the affected users via private message to verify that everything is correctly set up for them.
If you do not receive a private message from me regarding this announcement by 2013-05-06 17:00 UTC+2, you may safely ignore this announcement.