Dizkus

Well, I thought I had a reasonable understanding of permissions until I tried to deny access to a particular module - phpBB2 for a specific group of users. The following is my permissions layout

Admins | .* | .* | Admin
All groups | Menublock:: | Main Menu:Administration: | None
Users | Downloads::Category | .*:1 | None
Users | .* | .* Comment
NoForum | phpBB2:: | .* | None
NoForum | .* | .* | None
Unregistered | Menublock:: | Main Menu:(My Account|Logout|Submit News): | None
Unregistered | .* | .* | Read

I tried using a catch-all permission for NoForum to deny everything, but this only works for some modules. Because of this, I also added the phpBB2:: | .* permission specifically, but this still allows users soley in the group NoForum to view the forum. Before you ask, I have removed the users from the "Users" group so the only group they belong to is the "NoForum" group.

Can anyone shed any light onto what i'm doing wrong and how I can disallow access.

RgdZ

Pneumatus®

phpBB2 is AFAIK not integrated into the PostNuke permission schema and uses its own group and permission management...

--
regards from germany
..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..

Hi,

I havd a look at index.php for the phpBB2 module and found there was no permission checking so I performed the following code hack:

After line 26 INSERT:

[php:1:1ebaec3174]if (pnSecAuthAction(0, 'phpBB2::', "::", ACCESS_READ)) { [/php:1:1ebaec3174]

Before the PHP close tag at the end of the page, INSERT:

[php:1:1ebaec3174] } else {
echo "You are not authorised to view our forum.";
}[/php:1:1ebaec3174]

Hope this is of some help to someone!