FUDforum 2.3 includes a powerful and flexible group managment system. which gives the administrator fined grained control over the actions that the users can perform on the forum.
This control panel allows the administrator to manage the groups, add and remove group leaders as well as specify which permissions the group leaders can assign to members of the groups they manage. The control panel allows the administrator to define, which resources (forums) a particular group can control.
By default FUDforum 2.3 automatically will create a group for every forum that is created. Those groups will carry the same name as the forum with the addition of the 'FORUM:' prefix. These groups cannot be deleted manually and will automatically be removed when the forum is deleted.
In addition FUDforum 2.3 also has two global groups, 'Global Anonymous Access' and 'Global Registered Access', the group serve a special purpose of defining the default permissions for special 'anonymous' and 'registered' users, who's permissions define the actions those users may perform.
Example 1.4. Global Groups
Lets say that you do not wish to give the anonymous users the ability to read messages inside any new forums you create. You can do this by modifying the permissions for the anonymous user in every automatically generated group created for new forum. This is obviously is rather awkward and inconvenient especially on large forums.
In this case using a Global Group can simplify and automate the process. By editing the 'Global Anonymous Access' group and taking away the 'Visible' & 'Read' permissions you ensure that any new auto-generated groups will not allow anonymous users to view the resources (forums) that this group controls. With this single change, you were able to avoid much manual labor of having to change the permissions granted to anonymous users in every group, which affects anonymous users.
Resources describe various things that the group system can control the permissions for, currently the group system is only capable of controlling forums, in the future its possible that the group system will be tasked with controlling permissions for other resources.
It's possible to have a group control multiple resources
It's possible to have resource conflicts, for example giving two groups control of the same resource. This isn't a problem for the group system as it will try to intelligently resolve the situation, see the section called “Resolving Conflicts”
Group Leaders are users who have the ability to add other users to groups and control their permissions, When adding other users to a group using the group manager control form they are able to specify the permissions of the user they are adding. However, a group leader can never give a user a permission for something that he himself is unable to do.
It's possible to have group leader conflicts, this shouldn't be a problem for the forum as it will try to intelligently resolve the situation see the section called “Resolving Conflicts”
Beside each group there is a list of permissions, the permissions which are set to 'Yes' can be assigned or removed by the group leaders from the users in the group.
If a particular permission is set to inherit, then this permission will be retrieved from the group who's permissions the current group inherits.
Example 1.5. Permission Inheritance
Lets suppose there is a group 'Group A', which allows the group manager to control the 'Visible','Read' and 'Post' permissions. There is also group 'Group B', which inherits 'Visible' and 'Read' permissions from 'Group A'.
While the permissions in 'Group A' allow the group manager(s) to control 'Visible' and 'Read' permissions same would be true for group manager(s) in the 'Group B'. Should the administrator take away the ability to control the 'Read' permission from the forum 'Group A' managers, the 'Group B' managers will also loose the ability to change the 'Read' permission from the members of their group.
The inheritance option is particularly useful if you are creating many similar groups and/or wish to have the ability to change the permissions of multiple groups by altering the permissions of a single group.
Beside each group there is a 'Manage Leaders' link, which would allow the administrator to add and remove group leaders. The list of current group leaders is also listed beside each group.
If you do not know the exact login of the user you wish to make a leader, enter a partial login and the list of matches will be presented to you.
This form, which is located top of the page allows the administrator to add and edit groups.
Group name can be whatever you want, it's preferable you name it something descriptive for future reference. It is generally a good idea, to name a group in such a way that it is possible to see which resources (forums) are controlled by this group by looking at it's name.
Controls the resources (forums) that the group permissions will be applied to, it is possible for a group to control multiple resources.
Groups can inherit permissions from other groups, this allows you to select from which group, the current group should inherit it's permissions from.
An example of how permission inheritance works can be found here.
This control whether or not this group will be able to affect the permissions of the resources assigned for to this group for all of the anonymous and registered users. This is a particularly dangerous option since it can be used to grant or take away permissions from a large group of users simultaneously.
Misuse of this option, can for example block access to all registered users to all of the forums controlled by this group if used improperly.
These are the actual permissions of the group, they control the maximum allowed permissions for the group leaders and regular users belonging to this group.
Each permission can have 3 values:
Yes, indicates that the members of this group are allowed perform this action
No, indicates that the members of this group are NOT allowed to perform this action
Inherit, indicates that the group inherits it's permissions from the parent group, as specified in the 'Inherit From' option.
The administrator can add/remove regular users from a group by clicking on the 'Manage Users' link located near each group or by using the 'Group(s) Manager' link on the forum's pages.
The group system allows a creation of conflicts by design, consider the following situation
You created a group named G1 which allows members to READ messages inside forum F1, and created a leader U1 in that group.
Now you create a group called G2, which allows members to post messages inside forum F1 and made U1 the leader of the group.
Now you have a conflict of permissions, because both G1 and G2 control the same resource and have the same user in them, so which permissions should the forum give U1? posting or viewing?
What will happen in reality, is that forum will grant group leader U1 both READ and POST permissions to the forum F1 because the logic for the group leaders is additive. Which means, that the highest possible permissions will be granted to a group leader.
This works opposite for normal users, if U1 was a normal user (i.e. NOT a group leader) then the logic would have been subtractive, that is, since is the permissions wouldn't have been added. U1 would have ended up without READ and POST permissions.