This help article describes the current way in which permissions for a user are calculated.
The help article mentions that permissions are resolved using a hierarchy. However, the ordering of roles does not actually affect what is and what isn't allowed.
I believe this wording and method of permission resolving is confusing and prone to errors.
A simple example
Imagine I'm running a large support server for people who suffer from a chronic disease. In this server there are many public channels, but also some channels that should only be accessible to people who actually suffer from (and have to deal with) this disease.
The way we have this setup is by denying [at]everyone read permissions in the channel and explicitly allowing it for users who have a special role.
There are also channels where not everyone who can see it can type in it. This is set up by allowing read permission to certain roles, and then allowing write to only some of those.
Unfortunately, not everyone follows the community rules and we need to moderate them. Usually we believe that a simple mute is plenty. We rarely kick or ban users because the server forms such a valuable source of information.
Due to the current way Discord handles permissions, we cannot easily do this since allow permissions are always applied over deny permissions, even when the role that denies access is ranked above the one that grants it. this is a problem
Why does it work this way?
Discord has a very simple way of figuring out who is allowed to do what, and where. Basically it boils down to the following: first we figure out what someone isn't allowed to do, and remove those permissions. But then we look at what they are allowed to do (a green check mark in role settings) and suddenly the earlier setting that forbids something is erased.
My proposed solution
Instead of grouping all allows and denies before applying them, stack all the roles a user has and then look at them from the top. This way, the permission of the highest ranked role apply.
There are three roles: everyone, member, and muted.
We have a channel that should be invisible to everyone except for members. Muted users should not be allowed to talk in it (but still be able to see it if they also have the member role).
To set this up, we first configure the channel to deny read permissions from everyone. Then we allow reading and writing to members, and deny writing to muted.
Stacking the three roles, with everyone at the bottom and muted at the top, results in exactly what we want.
I believe that changing the permission system in this way does not negatively affect the way permissions are understood. In fact, I believe that actually making the system hierarchical like the interface and help articles say it is helps in making it easier to understand.
Yorum yazmak için lütfen oturum açın.