Welcome to Geeklog, Anonymous Tuesday, December 10 2024 @ 07:29 am EST
Geeklog Forums
security groups not clear
Status: offline
remy
Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
Somehow I can't figure out what the difference is between the groups 'All users' and 'Logged-in users'.
The database table says that only user 1 (Anonymous) is not part of 'Logged-in users'. User 1 (Anonymous) is part of 'All users'.
The name 'Logged-in' is confusing; the group should be named 'Registered users', which is weird too, since you can't be a user without registering.
So, there is a huge redundancy with 2000 users. Increasingly if one needs own grouping.
I'm dead. I can't see that this redundancy is needed to distinguish the permissions of Anonymous from the rest.
Anybody to call me to life again?
The database table says that only user 1 (Anonymous) is not part of 'Logged-in users'. User 1 (Anonymous) is part of 'All users'.
The name 'Logged-in' is confusing; the group should be named 'Registered users', which is weird too, since you can't be a user without registering.
So, there is a huge redundancy with 2000 users. Increasingly if one needs own grouping.
I'm dead. I can't see that this redundancy is needed to distinguish the permissions of Anonymous from the rest.
Anybody to call me to life again?
20
16
Quote
Status: offline
remy
Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
Oh, yes. I totally agree with you, Dirk.
I still don't see why I must have 2000 records in table['group_assignments'] for 'ALL users' AND 1999 records in the same table for 'Logged-in users'. The only difference in those groups is $_USER['uid'] = 1.
I do think that a group 'Anonymous' with only 1 member does the job better. This concept is transparant with the permission block. That block does state 'tick for anonymous access'.
Resume. The name 'Logged-in' is confusing. This group contains all users, exept user Anonymus, uid=1. The name does not have any relationship with the process of log-in. It does say that the user once created an account. Nobody knows if he/she ever logged-in. In this way, the use of the name is very identical to the use of 'All users' when Anonymous is kicked of 'All users' and no longer hidden from the user-lists.
Cheers!
I still don't see why I must have 2000 records in table['group_assignments'] for 'ALL users' AND 1999 records in the same table for 'Logged-in users'. The only difference in those groups is $_USER['uid'] = 1.
I do think that a group 'Anonymous' with only 1 member does the job better. This concept is transparant with the permission block. That block does state 'tick for anonymous access'.
Resume. The name 'Logged-in' is confusing. This group contains all users, exept user Anonymus, uid=1. The name does not have any relationship with the process of log-in. It does say that the user once created an account. Nobody knows if he/she ever logged-in. In this way, the use of the name is very identical to the use of 'All users' when Anonymous is kicked of 'All users' and no longer hidden from the user-lists.
Cheers!
21
21
Quote
Status: offline
remy
Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
Revisiting the table [group_assignments]
The permission system tests the uid to detect the 'Geeklog SuperUser'. If uid = 2, then any privilege is assumed.
This could be done in a similar way for Anonymous too: if uid = 1, then no privilege is assumed.
And, furthermore, if uid > 2 then the privilege of Logged_in_Users is assumed.
These changes can eliminate two heavy populated groups, All_Users and Logged_in_Users.
Unless, there are some other effects emanating of whom I'm not aware of.
This brings me to the question : why is it necessary for GeekLog to have all groups added to the Root Group?
Example:
1. The group 'Group Admin' is added to the Root Group.
2. The group 'User Admin' is added to the group 'Group Admin'.
3. The group 'User Admin' is added to the Root Group.
Why is (3) necessary?
The permission system tests the uid to detect the 'Geeklog SuperUser'. If uid = 2, then any privilege is assumed.
This could be done in a similar way for Anonymous too: if uid = 1, then no privilege is assumed.
And, furthermore, if uid > 2 then the privilege of Logged_in_Users is assumed.
These changes can eliminate two heavy populated groups, All_Users and Logged_in_Users.
Unless, there are some other effects emanating of whom I'm not aware of.
This brings me to the question : why is it necessary for GeekLog to have all groups added to the Root Group?
Example:
1. The group 'Group Admin' is added to the Root Group.
2. The group 'User Admin' is added to the group 'Group Admin'.
3. The group 'User Admin' is added to the Root Group.
Why is (3) necessary?
19
29
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
The setup of Geeklog Security was before my time so I would have to look into things a little more to be 100% sure.
Root User may not necessarily be id of 2. Root group requires at least 1 user to be in root so if another user exists then id 2 could be deleted. (I believe this is how it works)
Anonymous will always be 1 though.
I agree some assumptions could be made in regards to groups to speed things up and from your examples it looks like you found a few instances that should be fixed.
Thanks for the forum post and I have added a issue in github for it.
https://github.com/Geeklog-Core/geeklog/issues/1082
One of the Geeklog Core Developers.
Root User may not necessarily be id of 2. Root group requires at least 1 user to be in root so if another user exists then id 2 could be deleted. (I believe this is how it works)
Anonymous will always be 1 though.
I agree some assumptions could be made in regards to groups to speed things up and from your examples it looks like you found a few instances that should be fixed.
Thanks for the forum post and I have added a issue in github for it.
https://github.com/Geeklog-Core/geeklog/issues/1082
One of the Geeklog Core Developers.
25
25
Quote
All times are EST. The time is now 07:29 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content