Changing the Order of Role Permission Application

LRitzdorf

• October 05, 2020 22:29

This proposal would change the system for evaluating a user's cumulative permissions in a given channel.

Currently, the permission hierarchy is structured such that denied permissions are evaluated for all of a user's roles, followed by granted permissions. This is a problem for a particular server I manage -- I would like normal members with a certain role, say @Athletics, to be able to access the #Athletics channel, and I have permissions set up for this. However, I would also like to disallow members with a higher role, @Staff, this access, even if they have the @Athletics role. (Institution staff members do not need access to a student athletic discussion.) Since the @Staff role is above @Athletics, I simply denied @Staff the "Read messages" permission, expecting that to take priority over the lower allow-access directive from @Athletics, in the case where a member possessed both roles.

However, under the current permission evaluation scheme, allow directives take priority at any level, even if a higher role denies the same permission. I realize that this might be inconveniently complex to implement, but it would be generally more logical if higher roles' permissions took complete priority over those of lower roles.

2

• 

  bryan

  • October 06, 2020 00:42

  Ah, I see what you mean.

  I'm sure I can help you with this one here. You can use a variety of bots, MEE6, and the turtle bot, and there's probably like 10 more, but you can set up reaction roles for different people with specific roles. Here's an example.
  
  
  This is a custom made a bot for a big server called Fallen. What it does is make a webhook and have specific emoticons to variate for that role, so if I clicked on the burger emoticon, it would give me the North America role, hope this helps!

  -2
• 

  LRitzdorf

  • October 06, 2020 03:41

  Actually, I'm already using a similar (but more user-friendly) system, via the YAGPDB.xyz bot. I have reaction rolemenus set up - that's not the issue here.
  I would like staff members at my university (@Staff) to be able to have roles, such as @Athletics, to mark the activities they participate(d) in. However, I don't want them to have access to the associated #athletics channel, which the @Athletics role grants. The logical way to do this would seem to be by placing the @Staff role above @Athletics and disallowing view access for @Staff in the #athletics channel settings.
  However, since permissions are evaluated in an unusual order, this does not work. Please read the original post for a complete description.

  0

Please sign in to leave a comment.