The access levels are not functioning as they should. Because you store access information on each user in the jos_fb_sessions field in the SQL database with no way to reset this information, any time I demote someone from my site, they are still permitted to see the boards they are no longer associated with.

For instance, if I set a Board A to be accessed only by an editor, User A as a registered user, he/she cannot see the board. If I promote User A to an Editor, then they see it fine.

The problem is, if I demote User A to just a Registered user, he/she is still able to see Board A on subsequent visits.

This is not good for those of us that are functioning in an environment that member promotion/demotion is needed.

I am currently running Joomla 1.0.15, MySQL 4.1.22, PHP 4.4.8 and Fireboard 1.04. Is anybody else having this issue and is it a known bug on the slate to be fixed anytime soon?

As a side note, I attempted to run the Synchronize Users option and this doesn't do anything to fix the permission issue.

Really love this add-on and have been using it since it was born from JoomlaBoard. You've come a long way since then and so far, this issue is my biggest complaint with the software so far with v1.0.4.

Access Levels Broken? They never existed.

grinchy wrote:
Access Levels Broken? They never existed.

Then why bother even having the "Forum Security and Access" in the Forum Administration area if it isn't intended to work? I hope your were being facetious with that response.

No I'm not.

digitalhytop wrote:
The access levels are not functioning as they should. Because you store access information on each user in the jos_fb_sessions field in the SQL database with no way to reset this information, any time I demote someone from my site, they are still permitted to see the boards they are no longer associated with.

For instance, if I set a Board A to be accessed only by an editor, User A as a registered user, he/she cannot see the board. If I promote User A to an Editor, then they see it fine.

The problem is, if I demote User A to just a Registered user, he/she is still able to see Board A on subsequent visits.

This is not good for those of us that are functioning in an environment that member promotion/demotion is needed.

I am currently running Joomla 1.0.15, MySQL 4.1.22, PHP 4.4.8 and Fireboard 1.04. Is anybody else having this issue and is it a known bug on the slate to be fixed anytime soon?

I use Joomla's user database rather than Fireboard's, but I do know that when I demote someone's access level in Joomla, they no longer have access to that forum.
Users are forcibly logged out of Joomla when you change their access level, and the entire forum is reloaded each time they visit it.

Joomla's access levels are poor at best and do not work well with FB. You still have options. Use something like GroupJive, implement the access level hack, or wait for the next version.

Thanks for the replies folks. Granted, Joomla's access levels and user management have a lot of room for improvement and that's where extensions such as JACL and Community Builder come in handy. But, I still say the problem is with FB, not Joomla.

Using Joomla and CB to handle user profiles and when a new member visits the forums, FB creates a record for them in the jos_fb_sessions schema (userid, allowed, lasttime, readtopics, currvisit).

The trouble is that FB places the allowed board IDs in the "allowed" field, but when a particular member gets a demote that would take away some of these allowed rights to a particular board or group of boards, FB doesn't seem to be doing a recheck on these rights and modifying the table entry.

I can go in and delete this users record from the sessions schema and FB will rebuild the users record on their next entry into the forums, and it places the new and correct access rights to the boards based on the member's now demoted ACL. But doing this would also remove other important information stored for this user.

Either FB needs to recheck board rights on each member's entry into the forum, or it should allow the system admins to clear individual user's board access permissions using the FB User Administration module.

As I said in one of my last posts, what's the point of allowing us to set permissions on each of the boards if FB is just going to ignore them based on lack of proper performance?