xenforo 的用户组权限是可以继承的。 Types of Permissions Not Set (No) Not explicitly set. Effectively a No if there is no Allow in other applicable permission sets. In the Node Permissions this is Inherit which means that permission is inherited from the higher level User Group Permissions and User Permissions. Allow This is like a Yes. The permission is granted. Revoke This is only used in the Node Permissions. A Revoke can be overridden by an explicit Allow but not an inherited Allow. Revoke is designed to reduce a user's Node Permissions in the absence of an explicit Allow. More on this later. Never This is an overriding No. The user won't have this permission even if there is an Allow elsewhere. Permission Sets There are different permission sets which come together to determine a user's overall permissions. These are the levels of permissions: Admin CP -> Users > User Group Permissions > User Permissions > Node Permissions The User Group Permissions define the base permissions. Then the User Permissions are an optional set of permissions that can be defined for individual users. These two sets merge together to form the base permissions for a user. Then you have the Node Permissions. These permissions are inherited from the previous two sets. In addition, node permissions of a parent node are inherited by child nodes. You can set node permissions per group and per user, and these two sets of permissions merge together to determine a user's final permissions per node. Permission Math Here is some permission math for the combinations that might not be obvious: Not Set (No) + Not Set (No) = Overall No Not Set (No) + Allow = Overall Yes Not Set (No) + Never = Overall No Inherited Allow + Revoke = Overall No Allow + Revoke = Overall Yes Allow + Never = Overall No Pay special attention to the Revoke ones: Inherited Allow + Revoke = Overall No Allow + Revoke = Overall Yes Only an explicit Allow (as opposed to an inherited Allow) can override a Revoke. A Revoke is designed to trump inherited access and reduce a user's permissions unless you explicitly Allow (no inheritance) that permission elsewhere in the Node Permissions (e.g. for one of the user's other groups). Use Cases Here are some notable use cases. I may add more later. Creating a private forum Because of the way Revoke works in xenForo you shouldn't use it to restrict a private forum. Instead you should use a special feature in xenForo called Private node. You will see the Private node checkbox when editing the permissions for a specific node. This basically inverts the permissions so that you can specify Allowed groups instead of Revoked groups. This is actually better for group management if you add more groups later. Admin CP -> Users -> Node Permissions -> [click Permissions for a forum] -> Private node
假设你的用户组分为 U1,U2,U3, U1如果拥有查看特殊板块的权限,U2和U3又是从U1提升上来的,那U1~U3都有权限查看特殊板块。 如果不想U1有查看特殊板块的权限,单独在节点板块里取消U1在特殊板块的权限,那U1在特殊板块就没有这个权限了。
