Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Dynamic list of users with access rights in restricted forums

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For clearness and trust of users in restricted forums I'd like to indicate which users have access.
I want to show it only where appropriate, in an unobtrusive manner and the list should compile dynamically.

Outline:
Set up a sticky post (say 'Access List') in a restricted forum
which dynamically shows all user names with at least read access.

Is that possible at all? If, how?

Uwe

[originally posted on jforum.net by tjan]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The dynamic post item would be hard. The information listed in a post comes from the DB tables and there are a lot of security measures to keep people from putting malicious code into post that would keep stuff from happening.

However, you could have a post with a URL to a custom jForum "action" (or you're own servlet) that would display who was allowed.

Theoretically, figuring out who's allowed is possible. But it will take a fair amount of "splunking" thru the security code to figure out how to do this. Unfortunately, the security stuff is complex and it's not something that can be explained easily.

The basic problem is that jForum does checks on a User basis. E.g., user x requests forum y... and then user x's ACL to see if it's allowed. Generating the ACL for a user takes a lot of queries, so using the existing code to run thru all users to see who's authorized would be very slow. There is a SecurityRepository that might make this OK but if you have a lot of users there may be a memory issue.

The information to figure out a list of authorized users (or groups) is in the DB's but the code to do it needs to be worked out. The coding probably won't be too hard to do... it just figuring out what needs to be done that will be a pain given the complexity.

That said an easier "middle ground" is that if you are confident that your forum security measures limit access to a specific set of groups, it's easy to get the members of these groups. A lot less coding but if some one messes with the security settings, it might not be accurate.
[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for clarifying.

So, I will stick to list the members of the respective groups.

I will spare related questions to a new post - when the time is ripe.

Uwe

[originally posted on jforum.net by tjan]
 
What are you doing? You are supposed to be reading this tiny ad!
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic