Forum OpenACS Q&A: Groups -- the public, unregistered users, permissions

I have a question. Do I need to use the group admin tool to create the groups "The Public" and "Unregistered Users".

Considering the open issues #12, #13, and #15:

I'm not sure if I have my system of groups and permissions configured correctly. Summary: I want to give the unregistered public the ability to:

1. post annonomusly in forum
2. add a bug
3. start a photo album
4. add comments

When I grant permissions to do so, no matter how hard I try (for instance, I grant to "the public" and "unregistered users" all options "read", "write", "create", "post" or almost any of the other options like gc-create- or forum-create -- whereever I do it -- for the root directory, for the application or for specific forums -- no matter what I do, an unregistered user can't post.) I have been unable to get the results that I would expect.

Is there some trick here? Considering the way it's set up, it seams like some explanation is in order. I have read the docs on permissions and I even read the tediously explained version -- and I have searched google and OpenACS forums and it seams like no one has my exact issues (although plenty of people have things to say about the permissions system, we need not go into all that here again...) Did I miss an obvious step in setup? Why doesn't "the public" or "unregistered users" appear as a group in the group admin tool?

I'm using linux, postgres, 4.6.1 @

Posted by Dave Bauer on
An unregistered anonymous user will receive a "user_id" of 0 when it is checked with [ad_conn user_id]. Object_id 0 is not a user, it is a party.

The forums package has a constraint that the user_id stored in the table as the author of the message must exist in the users table. So although the user_id passes the security check, it will cause a referential integrity violation when the attempt to store the message is made.

I will work on some instructions to make these changes to the data model. This seems like a general enough request that perhaps it should be a built in option.

If you will accept submissions from unregistered users, you will want to add some other form of control to prevet abuse.

Thank you for the clarifications -- it helps me understand that I'm not crazy.

If an unregistered user clicked on "post" or "reply" in the forum, they should perhaps go directly to the login screen. That would be the behavior I would expect on a forum that requires login.

What happens instead is: users can press post, they get the form to write the post, they can see the preview and press confirm, and then they are returned to the forum -- as if the reply/post worked...only to have their data lost.

Similar things are happening on other apps too -- for instance, an unregistered user can go to the photo album, click on "add and album", name the album and all, press submit -- then they get this error:

We had a problem processing your entry:
We got an error that we couldn't readily identify. Please let the system owner know about this.
Database operation "0or1row" failed (exception NSDB, "Query was not a statement returning rows.")
Please back up using your browser, correct it, and resubmit your entry.
Thank you.

The user experience on General comments is similar. They can add the comment, confirm it, and they are thrown to the login. But if they don't login, the data is lost.

For all these cases, changing the write permissions for unregistered users or the public have little effect on improving the experience...

I'm aware that an unmoderated open public photo album or forum is not a great thing to host -- if the user experience made more sense, then I would leave it and require login. However -- and this is the important part -- I can't host a site were users think they're posting in the forum anonymously but they're actually losing their data...

I've come to understand that the permission admin tools are very confusing. I'm probably going to get under the hood more, thanks to your help, I'll understand more one day...

Posted by Dave Bauer on

For some reason forums does not redirect to login right when you attempt to post. Perhaps that is to encourage registration. That is, if you have already typed your message maybe you are more inclined to create an account than if you are presented with the registration screen before typing your message.

If not allowing annonymous posting what would you expect the behavior to be?

I suspect we should always tell the user the consequences of aborting the registration process.

Posted by Don Baccus on
It should probably supress the "reply" and "post" buttons/links if you don't have permission to do so (making a perm check would prepare us for the day when we *do* allow anon posts as an option)

Looks like a coding oversight to me ... forums was developed in the dotlrn context and you can't get into dotlrn without first logging in so OF probably never considered the not logged in case.

If not allowing anonymous posting what would you expect the behavior to be?

That's a very good question with more then one answer. Q: Which answer is the best? A: The one the user expects.

Of course, the users don't always get what they want because these are difficult problems to many different expectations. As an admin of one of these sites, we naturally want easy unlimited flexibility -- so don't listen to me :-) Seriously, what should the behavior be? What's best in a forum that requires login? The quick and simple answer is: Don't give unregistered users the choice to post at all.

Personally, however, it doesn't bother me when I'm asked to set up an account after I've invested in writing a reply, because the topic obviously interests me and I can always (or usually) give them a fake email address from (disposable email address! btw) if I don't trust the site.

So it seams to me that it's okay to let unidentified users to compose a post before asking them to login, however, the user should be warned, probably on the "confirm" step, that login will be required after they confirm. "If you don't log in, your post will not be published" (or requires approval...which is another thing and probably the subject of another thread even *).

Considering all, I think that when the system is set to allow the public to post, the user would be given a radio button choice as they confirm the post, to either login/register or to "post anonymously."

Actually, here's how it would work in a perfect world (I'm not saying this is practical on OpenACS or that the system needs to allow this easily.) Ideally, the system would only ask the user for information when necessary. An unregistered user clicks "post" or "reply" and lands on the form. The form would include an optional field asking for email address because the system is attempting to discover who this user is. The Confirm page would then ask for either a password if the email is already a user, or the user would be given the radio button choice to either post anonymously or "join". If the user gave what appears to be a valid email address, they would be opted into: I want to join and post. If the user left the email field blank then they would be opted to: I want to post anonymously.

Yellow or Red highlighted text is good, visually, for setting the users attention. I'm probably going to add that warning on top of all the confirm pages because the user isn't scrolling down in long posts to see the confirm button. I give the bold tag a different class in my css file to highlight things.

* As an admin of community sites, I would want anonymous contributions to post immediately when the community is small, however, if it became a problem, or when the community grows, I may want anonymous posts to require a moderator approval before appearing -- like the ACSnews module is configured. That delay would be the price that the user pays for posting anonymously. I would only want to toggle it to moderator or login required if we were getting spammed or harassed.

Posted by Dave Bauer on

We want to offer POST and REPLY because even if you have to register or sign in, we want to encourage posting I think.

Or optionall a "If you were logged in (link to login) you could post" might be clearer.

Posted by Lars Pind on
Why don't we just implement anonymous postings, while we're at it? :)

If we did, how would we do it? Create a special 'Anonymous Coward' user, or use the existing 'Unregistered Visitor' person with person_id 0?

I guess if we use person_id 0, then we'll have to figure out another way of granting site-wide admin than granting permissions on object 0. Or maybe that wouldn't be a problem, actually.


Posted by Jeff Davis on
Lars, Don already changed the security context root to -4 from 0 so
that's not an issue (if you look in the permissions screen for a new
site you should not see any direct permissions on 0: ) I don't see
anything in the way of doing this other than fixing some of the
screens to edit personal data so user_id 0 can't edit their own data.

Right, but does object_id 0 have to be a user. Would it be better to allow forums posters to be a person instead of a user (which would include all users)?

I brought this up in another thread. Right now creation user of acs_objects has no restriction, so you can put any integer in there. Forums_messages specifically references the users table.


Sure, once we figure this out, it will be simple enough to enable the feature in forums and general comments. The work I am doing on general comments will allow anonymous posting (if enabled by the administrator.)

I think trying to sweep through and make things work with "persons" rather than "users" is more work that it's worth (for example you might want to have anonymous posting of attachments, photos, general comments, etp pages, etc). Rather than change all these things to use persons because you don't want to change object 0 to a user it's just easier to make object 0 a user.