Nabble...You have a bug!

classic Classic list List threaded Threaded
29 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Nabble...You have a bug!

mywaytoo
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

GregChapman
I know you'll have spotted it Anne, but for others there is a response here:

http://nabble-support.1.n2.nabble.com/Banned-users-remain-on-the-Forum-tp6513724p6535140.html
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

mywaytoo
Greg... This has removed the Banned user from showing on my Forum...

BUT has it fixed the reason why that user was allowed to become an Authenticated user without me having replied to their Nabble confirmation email???

AND does it now ensure that Registration preceeds Login???

Anne
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

Hugo <Nabble>
Hi Anne, I don't understand where the problem is. Although banned users can still login, they cannot do anything on the forum. They can't even edit their own posts. So there is no reason to worry.
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

GregChapman
Hi Hugo,

The banned user may not be able to DO anything, but I believe Anne was concerned that the banned user remains visible on the People list so the banned user may be accessible to other users privately. Perhaps they only remain visible to users with "Admin" status?

Also, it would appear to be related to the confusion about the terms "Authenticated" (which I understand means, "an email address has been submitted") and "Registered" (meaning "an email address has been verified). It seems to me that on the Permissions screen, the "Authenticated" column ought to be headed "Registered".

As I understand it, (I haven't tested it) a banned user remains on the "Authenticated" list and this is part of the confusion, because by being there they would appear to have all the permissions of an unbanned authenticated (or is it registered?) user.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

Camo
This is an issue which has only just come to my attention, and its rather confusing.

"Member' should be a user who has verified their registration email.
Such a user should only appear under the "Members" filter.

"Authenticated" users should only appear under that filter, likewise admin under "admin".

Once an Authenticated user has verified the email, they become a "member" and ought to be removed from lesser groups.

I need to verify registration of members for certain purposes, I need to know my listed "members" are indeed verified registered.

I have just had to move "registered" authenticated members to the Members list.

Can this not be Automated? The user settings are frankly as confusing as hell!

Camo's Classifieds! © Camo's Reptiles
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

mywaytoo
In reply to this post by GregChapman
GregChapman wrote
... the banned user remains visible on the People list so the banned user may be accessible to other users privately. Perhaps they only remain visible to users with "Admin" status?
I tested as a non-Admin...
"When I'm logged in as Admin: 
their email address is displayed
the option to email them is still present
there is an option to 'Unban' them.

When I'm logged in as a Member:
the option to email them is still present.

This user is a spammer, and I don't want my Members to be exposed to the likes of them... or even me, accidently... "


GregChapman wrote
Also, it would appear to be related to the confusion about the terms "Authenticated" (which I understand means, "an email address has been submitted") and "Registered" (meaning "an email address has been verified). It seems to me that on the Permissions screen, the "Authenticated" column ought to be headed "Registered".

As I understand it, (I haven't tested it) a banned user remains on the "Authenticated" list and this is part of the confusion, because by being there they would appear to have all the permissions of an unbanned authenticated (or is it registered?) user.
I have just tried to post to my Forum as a user who is Anyone and Authenticated, and have bumped into this verification screen...

"Authorized Users Only 
Sorry, but only authorized users can proceed in this area. You can use the form below to send a request to the administrators.
Request Access
Explain to the administrator(s) why you want to access this restricted area. "


??? I'm going to post this comment now so that I don't lose it...
Anne
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

mywaytoo
Continuing from previous comment...

Hugo... I'm wondering now whether an email is ONLY sent to Anyone / Authenticated users when they TRY TO POST on the Forum? Oh... that depends on the permissions that I have set... but I don't want people posting who are not acceptable...

Greg... This all comes back to the Authenticated / Registered dilemma.

Camo... Automated entry into the Member's group would have allowed my spammer in.


  I have no idea how all of the applications fit together, but do appreciated that there must be a uniform procedure... so what is wrong with...

Anyone = allowed access to Read-Only
Registration = Forced before initial communication, and email to be validated via email confirmation
Authenicated = Registered = Email confirmation received*
Login = only allowed after Registration

*Camo... This point would be equivalent to your automated group entry.

Oh... I must stop again...

Anne
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

Hugo <Nabble>
Let me explain some important points and make sure everyone is on the same page.

1) If the user is banned, then he/she can't do anything (as I explained before). Also, banned users don't show on the people page anymore. Even if you are an admin you won't see banned users on that people page. The only places you may see those users are:
    1.a) In threads, if the banned users still have posts left;
    1.b) In the Options > Users > Manage banned users page
    1.c) In the Options > Users > Manage users & groups, only when the banned user is still part of a given group. Note that this shouldn't be an issue at all because the banned user can't do anything on the forum, even if he/she is part of the administrator group. It doesn't matter where that user is listed. If he/she is banned, then he can't do anything.

2) If you visit the profile of a banned user, you will not see those options to send email, etc. So users that visit that page will see a "Banned user" label there.

3) Authenticated users are simply users that have an email in the database. Authenticated users can be registered or not. For example, if you go to the "Manage users & groups" page and add abc@example.com as a member, that user will become an authenticated user, although not registered. Maybe we should add a "Registered" section to the "Manage users & groups" page so that you can focus on that tab instead of looking at the "Authenticated" list. If you guys agree, I will do that.

4) Nabble has a flexible system, so the meaning of "Member" (and other groups) is defined by the forum admins in the permissions page.

5) Login is only allowed after registration (i.e., user confirmed his/her email address). If you don't want anonymous users posting on the forum, make sure the "Anyone" column is not selected on the permissions page.
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

Camo
This post was updated on .
Hugo, here lies my confusion:

On the people page, under the members filter, I have users listed as unregistered in my members list (filter)

To me, An unregistered user is simply a 'guest', no more, no permissions excepting to veiw all.

can this 'Authenticated' list (email known) be changed to 'Subscribers only' and not listed as Members?

To me a 'registered ' user has validated the reg email and has all permissions I allow.

Thats really all any other forum requires, Admin, registered (validated) and guests. No group should appear in multiple listings.

Authenticated just confuses things.  I dont mind if Guests subscribe to forums etc, but they should not be included in my members list. I have no idea now who has validated or not excepting those who have actually made atleast one post.

Also, can I not , as Admin, opt in for email notification when someone validates their registration?

you said.....

"If you don't want anonymous users posting on the forum, make sure the "Anyone" column is not selected on the permissions page."

If the 'anyone' colum is left blank entirely, how will folk see the forum to register in the first place? Surely
'can view' should atleast be ticked?
Camo's Classifieds! © Camo's Reptiles
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

mywaytoo
This post was updated on .
In reply to this post by Hugo <Nabble>
Hugo... Thank you for being so patient...

1. I can follow and am happy with what happens with Banned users now, but would rather they didn't show up in the Read-only Authenticated group accessible by Admin from Option > Manage Users and Groups. At the moment with 9 people on the list, of which 3 are me (lol), I can easily see what's going on... but I, as Admin, can copy the Read-only list and therefore the Banned user... in my case a spammer!  

2. I can't find a way for Admin to access the profile of a Banned user anyway... Good...

4. Admins set page permissions... Good...

5. Login only allowed after registration... Yes, I've found that out now. I was thinking that as Unregistered users were on my Forum, then they must have Logged in without registering... not sure about the Anyone though. I was thinking that this meant that all people could read (only) anything written on the Forum... my members appear as 'Anyone, Authenticated, Members'... which takes us nicely onto 3.

3.   I would like a group headed Registered.

Firstly this will have more meaning to my users because they will know that they Registered, but will have no idea of what 'we' mean by Authenticated.

Secondly it means that displayed information will have more meaning / be more consistent. Currently a registered user appears as such with the date of registration:
Registered: Jul 03, 2011
Groups: Anyone, Authenticated
Whereas an Unregistered user is displayed as Unregistered, having no reg.date, yet is still a Member:
Unregistered User
Groups: Anyone, Authenticated, Members

NOTE: I have kept these users in the Anyone group... I think this is wrong...   Anyone and Members should be mutually exclusive, because once they are Members, they can do far more that read-only, and if we had a Registered group, then that too would supercede Anyone...  

I must have a break for a moment... brb

Thirdly, I will receive an email about a user who would like to register:
"fromNabble no-reply@nabble.com
to My email address
date23 June 2011 07:17
subjectAuthorization requested to join My Forum
mailed-byn2.nabble.com............
To accept this request, you (ie. I) should add this user to at least one permission group that has access to this area
..........
Or you (ie. I) can ignore this email if this user should not visit this area."


So I will know for sure that I have given permission for every user in the Members group. Oooops... this could apply to the Registered users group... thereby creating an automated system that Camo would like...

I could manually move Registered users over to Members when I send them their free knitting patterns...

Fourthly, once a user is Registered, then they no longer need to be in the Anyone group...  


This sort of thing would be best for me... Any other ideas???
Anne
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

Camo
Got another of these today...

"Dear camo,

Spikey requested authorization to join the Classifieds:
http://classifieds.1047537.n5.nabble.com/



To accept this request, you should add this user to at least one permission group that has access to this area:
http://classifieds.1047537.n5.nabble.com/template/NamlServlet.jtp?macro=change_user_groups&user=200702
Or you can ignore this email if this user should not visit this area."

It seems to me folk see "post new topic" link on the main page, click it and are led to the message about sending permission request.

This is not practical. If they do this they should be redirected to the register page instead.
Camo's Classifieds! © Camo's Reptiles
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

GregChapman
In reply to this post by Camo
Hi Camo,

I agree with most of your points, however...
Camo wrote
To me, An unregistered user is simply a 'guest', no more, no permissions excepting to veiw all.

can this 'Authenticated' list (email known) be changed to 'Subscribers only' and not listed as Members?

To me a 'registered ' user has validated the reg email and has all permissions I allow.

Thats really all any other forum requires, Admin, registered (validated) and guests. No group should appear in multiple listings.
I worry about your suggestion the term "Subscriber" to head the "Authenticated" list. To me that has implications for confusion for those using Nabble for mail lists/archives. For them a subscriber is an equivalent of "member" to the administrator of a forum. "Subscribe" should be reserved for use in connection with sending emails. It's why I slightly prefer the term "Email Submitted" or your "Email Known" to describe this status.

If the 'anyone' colum is left blank entirely, how will folk see the forum to register in the first place? Surely 'can view' should atleast be ticked?
Hugo's suggestion makes sense to me. There are many circumstances where a web site will tell of the existence of of a discussion area, whose content needs to remain complete secret until you are admitted entry, for instance, forums where sub-groups of players in a multi-player role play game, discuss how to defeat opposing sub-groups.

It's also common on forums where admins may want only "members with special privileges" to see certain sub-forums. For example, I am involved in several where I act as a moderator, I am not given full admin rights but do have additional rights over ordinary members, for example, to move suspect posts to a sub-forum that is invisible to ordinary members. It allows the admins to move it back if I'm ruled to have misjudged the situation.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

GregChapman
In reply to this post by Hugo <Nabble>
Hugo <Nabble> wrote
Maybe we should add a "Registered" section to the "Manage users & groups" page so that you can focus on that tab instead of looking at the "Authenticated" list. If you guys agree, I will do that.
YES, YES, YES, please!

Also:
Add a "Registered" group link on the profile screen. (Until very recently, I had been assuming that the "Authenticated" I saw there implied, that they were registered.)

Can you clarify, whether for forum owners, on the Permissions screen, the "Authenticated" column should be headed "Registered". I have always assumed those permissions only applied to those who had confirmed their email address. (Perhaps I have been lucky in not suffering any abuse through granting permissions on that basis.). If it doesn't then I would suggest that its functionality should be changed to apply only to registered users.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

GregChapman
In reply to this post by mywaytoo
Hi Anne,
mywaytoo wrote
Hugo... Thank you for being so patient...
Indeed, this must be a hectic time for the Nabble team with templates about to be released!

I confess that I didn't quite follow all your arguments about access to banned users, but maybe that's because I haven't got any so don't know quite how it works.
but I, as Admin, can copy the Read-only list and therefore the Banned user... in my case a spammer!
Why do you want to copy that particular list? It's easy enough to create additional groups and manually transfer any individuals you want to appear in them. Most forum Admin will do this once a visitor has registered when they assign them "Member" status. As a forum Admin you should use the "Manage Users and Groups" screen, for identifying which people have what status.
2. I can't find a way for Admin to access the profile of a Banned user anyway... Good...
But in his point 2, Hugo says you can look at banned users! (And I'd have thought you would want to investigate details of previous banned users to be able to identify patterns that might help track them down or make it easier to spot them when first attempting to register.)
5. Login only allowed after registration... Yes, I've found that out now. I was thinking that as Unregistered users were on my Forum, then they must have Logged in without registering... not sure about the Anyone though. I was thinking that this meant that all people could read (only) anything written on the Forum... my members appear as 'Anyone, Authenticated, Members'... which takes us nicely onto 3.

3.   I would like a group headed Registered.
I agree with this, as I think Camo does. To the typical forum owner, together with "Anyone" and "Admin", "Registered" is the only status level that matters. It may be different for mail list owners, where submitting an email address without confirming it (Authenticated, as Nabble calls it) is sufficient, but for most forum administrators, registered will be the level at which visitors may view and post on the forum, with the "Member" status being reserved for some "premium" access to parts of the forum not viewable or postable by the registered visitor.
Secondly it means that displayed information will have more meaning / be more consistent. Currently a registered user appears as such with the date of registration:
Registered: Jul 03, 2011
Groups: Anyone, Authenticated
Whereas an Unregistered user is displayed as Unregistered, having no reg.date, yet is still a Member:
Unregistered User
Groups: Anyone, Authenticated, Members
That result depends entirely on how you have set up the permissions and how you use the various status levels (Anyone, Authenticated, Member, etc.)
NOTE: I have kept these users in the Anyone group... I think this is wrong...   Anyone and Members should be mutually exclusive, because once they are Members, they can do far more that read-only, and if we had a Registered group, then that too would supercede Anyone...  
I think that is where you are going wrong! The system is set up on the assumption that these statuses are cumulative NOT mutually exclusive. That's why, by default, sub-forums inherit the permissions of their parent forum. You are meant to add the permissions desired for the particular group of visitors that are allowed access to it, post there, etc. Taking Nabble Support as an example:

Anyone: Rights to view the forum and all sub-forums

Registered: Rights to post in sub-forums (Free Support and its sub-forums)
(They don't need rights to view, since they have that by being a member of the Anyone group)

Members: Rights to post at the top level (i.e. the Paid Support Area)
(They don't need rights to view, since they have that by being a member of the Anyone group, nor do they need rights to post in the sub-forums as they have that as members of the Registered Group)

The only problem at the moment is that, on the permissions screen the registered status column is headed authenticated! I believe that is mis-named at the moment. Alternatively, it is inappropriate and the permissions concerned should be being given only to those with a confirmed email address, i.e. "Registered" users.
So I will know for sure that I have given permission for every user in the Members group. Oooops... this could apply to the Registered users group... thereby creating an automated system that Camo would like...

I could manually move Registered users over to Members when I send them their free knitting patterns...
Exactly! You don't have to grant members of any group you create additional permissions on the forum, you could just use it as a flag to indicated something external to their view/post/editing rights. (You could consider creating a "Free Pattern" group to provide and indication to you of who you had sent one. I'm not clear, in your case, whether this group is synonymous with your "Member" group, and could be used to replace your existing "Members" group.)

Taking my forum at:
http://www.seahawk17.plus.com/forum.htm
as another example...  I insist everyone posts an "Introduction" before they can become "Members" and get full posting rights. Some people only discover the site when they come to sell their boat, so I have established a "Sellers" group. Posting an introduction would be inappropriate you'll have no further interest in the boat once it is sold. At the top  level of the forum they get no rights at all. The only permission a seller gets in addition to those they have as a member of the "Anyone" group is to "Create_topic" in the "For Sale" sub-forum. They don't even get "Reply" rights. If someone posts a reply to their advert, they have the opportunity to clarify their advert by editing their post, so they don't need the reply permission.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

mywaytoo
GregChapman wrote
but I, as Admin, can copy the Read-only list and therefore the Banned user... in my case a spammer!
Why do you want to copy that particular list?
Greg... It doesn't matter WHY I might want to copy this list... I, personally, 'hope to retire in lashings of wealth' and only design knitting patterns for others to add to the website, leaving everything else to other people to maintain, but who won't be aware that that list contains a spammer! Oh... You may have detected my intense dislike of spammers! That list may be copied as, what I would call, a Mailing List, and private information emailed to them for, say, a Special Offer / 20% Discount / whatever...

But hang on... this is the Authenticated group, which I could happily live without anyway... ???

GregChapman wrote
NOTE: I have kept these users in the Anyone group... I think this is wrong...   Anyone and Members should be mutually exclusive, because once they are Members, they can do far more that read-only, and if we had a Registered group, then that too would supercede Anyone...  
I think that is where you are going wrong! The system is set up on the assumption that these statuses are cumulative NOT mutually exclusive.
I think that I'm thinking of things from my users point of view... Once they are Members, or more, then they have no need to know that they were, once, Anyone. HOWEVER, that information needs to be recorded with Inherit, because there may be a time when that user is downgraded to Anyone, or whatever.

I would suggest at some stage, when things are not so busy, that the latest / highest level group is the only one that is displayed on the users' screen...

GregChapman wrote
I insist everyone posts an "Introduction" before they can become "Members" and get full posting rights.
Mine is similar... Currently everyone can read everything. Once a user is Registered and confirmed by me, and preferably has 'liked' me on Facebook, I send some free knitting patterns. There are more free knitting patterns available if they make a comment on the Forum, FB maybe too (???), after which I shall move them up to MembersPlus (???). I think I shall have a private group for Customers only, where they can discuss the knitting patterns that they bought, and, I suppose, full posting rights (???).

So, in summary, it seems that a Registered group, requiring confirmation, would be appreciated for the Forum side of things. This would not be automated for Camo, but if I ever get to the stage where I have toooooo many confirmation emails to cope with, I shall employ someone to take over the role of Security...   
Anne
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

Hugo <Nabble>
Guys, I see the issue and I am working on it now. My idea is to remove the "authenticated" word from the interface and controls and make sure we have labels like "registered" and "all users". This will make things more clear from now on. Thanks for bringing this to my attention.

All other requests – like admins being notified when a user completes the registration, etc. – can be done with templates, so you should wait a little bit until we get that part finished and released (~1-2 weeks).
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

mywaytoo
This post was updated on .
Hugo... Thank you so much...  

Edited... So, in effect, Camo has got an automated group of Registered users too... and I shall set things up, in a template, to send an automatic Confirmation email from Nabble, so that all my Registered users will have been accepted by me.
Anne
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

GregChapman
In reply to this post by mywaytoo
mywaytoo wrote
GregChapman wrote
but I, as Admin, can copy the Read-only list and therefore the Banned user... in my case a spammer!
Why do you want to copy that particular list?
Greg... It doesn't matter WHY I might want to copy this list
It seems I misunderstood. The "read-only" list I was thinking of is the "People" list and that doesn't list email addresses, so wouldn't help you build an address database.

GregChapman wrote
I think that is where you are going wrong! The system is set up on the assumption that these statuses are cumulative NOT mutually exclusive.
I think that I'm thinking of things from my users point of view...
I see your point. A member doesn't need to have an understanding of how his permission set is constructed. He just needs to have a term to use when telling you there is a problem accessing a particular area.

However, my point was that it sounded like you were duplicating permissions which, conceivably, might lead to problems if you should ever develop a complex multi-level membership structure. I got the impression that you were awarding "Members" "View" rights, when that isn't necessary as a "Member" already has that right by virtue of being part of the "Anyone" group. I probably got that wrong too!
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Nabble...You have a bug!

GregChapman
In reply to this post by Hugo <Nabble>
Hugo <Nabble> wrote
Guys, I see the issue and I am working on it now. My idea is to remove the "authenticated" word from the interface and controls and make sure we have labels like "registered" and "all users".
Thanks, indeed! That does sound like a good plan.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
12