• ACLs and access

    From Zip@21:1/202 to All on Saturday, September 28, 2019 09:24:02
    Hello everyone!

    One thing that appears a little strange to me is ACLs for message groups and message areas.

    It appears that the ACL flag "g" only matches if the user is *standing* in (has joined) a certain message group -- not that the user *fulfils* the requirements (ACL) for the message group, which I would have expected.

    So if I create a message group "fsxNet" as message group #2 and set its ACL to "s10" (to allow access for new users and above), I cannot simply rely on "g2" in the ACLs of the message boards to limit access.

    For instance -- if I recall correctly from all my previous experiments -- if global personal mail scan finds a message addressed to you (e.g. in FidoNet, message group #3), and you reply to it, but are currently standing in another message group (e.g. fsxNet, message group #2), the reply will fail if the post ACS of the "target" message board contains "g2".

    Or if you set "s10" as the ACL for the default (local) message group (#1), and put "g1" in the read and/or post ACLs for some of the default message boards (e.g. "Private Messages"), you cannot always read or reply to private messages during the post-login mail scan if you're not positioned in that message group.

    I was hoping to be able to use the ACLs of the message groups as a central point where I could easily specify "default" access rights for those message groups, simplifying the ACLs of all the message boards in each message group, but it appears it doesn't work that way... Or is there another ACL function (code) that I am missing?

    All input appreciated! :)

    Many thanks in advance!

    Best regards
    Zip

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Star Collision BBS, Uppsala, Sweden (21:1/202)
  • From Scarecrow@21:4/111 to Zip on Saturday, September 28, 2019 03:02:11
    On 28 Sep 2019, Zip said the following...
    It appears that the ACL flag "g" only matches if the user is *standing*
    in (has joined) a certain message group -- not that the user *fulfils*
    the requirements (ACL) for the message group, which I would have
    expected.

    Not sure if this is what you are going for, but stringing multiple ACL codes together might be the magic bullet. For example my FSXnet group is #2, and my message base ACLs are s10g2 for read/list/post and s255g2 for sysop access.

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/32)
    * Origin: Blue Northern Software | bnsbbs.ddns.net:23000 (21:4/111)
  • From Avon@21:1/101 to Zip on Saturday, September 28, 2019 21:03:06
    On 28 Sep 2019 at 09:24a, Zip pondered and said...

    Hello everyone!

    One thing that appears a little strange to me is ACLs for message groups and message areas.

    It's a bit late and I confess reading your post kinda didn't make much sense to me. But know that with access control strings you can combo them up to require let's say a mix of security level and/or message group membership in order to see a message base, read it, post to it etc.

    Have you looked at the wiki on this topic?

    http://wiki.mysticbbs.com/doku.php?id=access_control

    It appears that the ACL flag "g" only matches if the user is *standing*
    in (has joined) a certain message group -- not that the user *fulfils*
    the requirements (ACL) for the message group, which I would have
    expected.


    Gx - This command is used to check if a user is in a certain
    message group. Where X is the number of the group as listed
    in the message group editor. For example: G1 will require
    the user to be in message group #1 in order to pass.

    Any message group can have its own ACS requirements set up under Message
    Group Editor ... so a user must meet those ACS settings to even have access
    to the group and the bases associated with it.

    So here at Agency


    Message Group Editor
    ID  Message Group Name
     8  Amiganet

    ID 2
    Name   │ fsxNet
    Access │ s10
    Hidden │ No

    I have fsxNet set up as group 2 and the ACS is simply s10 which is checking
    if a user meets a security level of 10 ... but it could be much more than
    that if I wanted it to be.

    e.g. ACS is set to (s20!s21|s255)|u10|(h22!h23)

    The above ACS says that the user must have ANY one of the following things to have access:

    User must have a security level of at least 20 but NOT 21 or higher
    (exactly level 20), OR they can have a security level of 255.

    OR

    User must be user ID #10 who may be a specific person you may want
    to have access regardless of any other parameters

    OR

    The user must be accessing the command between 10pm and 11pm.

    ..and that's just the ACS rules for getting into the message group :)

    Then at a message base level you can also use ACS to set up rules for
    listing, reading, posting, sysop access etc.

    ID 70
    Name      │ General Chat
    Base Type │ EchoMail
    Newsgroup │ FSX_GEN
    QWK Name  │ FSX_GEN
    Echo Tag  │ FSX_GEN
    File Name │ fsx_gen
    Path      │ c:\bbs\mystic\msgs\fsx\
    List ACS  │ s10g2
    Read ACS  │ s10g2
    Post ACS  │ s20g2
    Sysop ACS │ s255g2


    I hope this helps, but keep asking me questions and I'll do my best to help (with more sleep :))

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Zip@21:1/202 to Scarecrow on Saturday, September 28, 2019 18:55:46
    Hello Scarecrow!

    Thank you for your reply!

    On 28 Sep 2019, Scarecrow said the following...
    Not sure if this is what you are going for, but stringing multiple ACL codes together might be the magic bullet. For example my FSXnet group is

    Yes, thanks, I'm currently using that for the echomail areas, but I think the extended reply feature won't work (for sure) as soon as the g codes are in the ACLs.

    I believe I had the most problems with (local) private messages and netmail areas, as one probably isn't in the netmail area when reading (and wanting to reply to) netmails, or in the private messages area when reading (and wanting to reply to) private messages.

    Speaking of which -- does anyone know if there is a way to make the e-mail scan upon login not find/show local, private messages that one has already read? It appears one has to delete the messages or they will show up every time on login.

    Thanks in advance!

    Best regards
    Zip

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Star Collision BBS, Uppsala, Sweden (21:1/202)
  • From Zip@21:1/202 to Avon on Saturday, September 28, 2019 19:37:49
    Hello Avon!

    Thank you for your reply!

    On 28 Sep 2019, Avon said the following...
    Have you looked at the wiki on this topic? http://wiki.mysticbbs.com/doku.php?id=access_control

    Yep! :)

    I would wish for an ACS code along the lines of:

    GAx - This command is used to check if a user has access to a certain
    message, based on the ACS of that message group. Where X is the
    number of the message group as listed in the message group editor.

    For example: GA1 will require the user to satisfy the ACS of
    message group #1 in order to pass.

    Then the ACSs of the message boards could be just like in your example (but
    with "ga2" instead of "g2").

    And any access restrictions that you want to apply to all message boards of a certain message group (e.g. "FA" to require flag A for fsxNet access) could be specified in the ACS of the message group only, with no changes having to be made for all ACSs of all the message boards in that message group = less work.


    This would also ensure that the "extended reply" feature will work correctly, i.e. that you are actually able to reply to an echomail message and have the reply posted to another message board than the one that the original message was in (granted that this perhaps isn't a very commonly used feature).

    As it is now, the "g2" requirements of the Post ACSs of the message boards
    will require you to have fsxNet selected (joined) which might not always be
    the case.


    To conclude:

    My impression is that the ACS of a message group only determines whether the message group will be listed when joining a message group from the message menu. And that the ACS of a message group currently cannot be "inherited" by message boards by specifying "gX" in their ACSs (as this only checks which message group you've currently *joined*, not if you *would be able* to actually join the specified message group).

    The adverse effects of setting "gX" in the Read and Post ACSs of message boards are probably most notable when setting them on local message boards or netmail boards, because then you can encounter a situation in which the mail scan will show that you have messages waiting, and they are listed for you, but you're not allowed to read them or reply to them (as you're currently in another message group)...

    I hope this makes at least some sense. :-D

    Best regards
    Zip

    P.S.

    Another thing to watch out for (avoid) is to set e.g. "s10" (or "g1") on the local "Private Messages" message board -- as new user feedback is posted with security level 0 I believe (the user account does not get security level 10 before the call has ended?).

    Also, if a user has forgotten his/her password and wishes to send a message to the SysOp for his/her password to be reset manually, the posting is made by an "Unknown" user with security level 0, which could result in the user not being able to post anything.

    D.S.

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Star Collision BBS, Uppsala, Sweden (21:1/202)
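
Added example, not part of the thread and not Mystic's own parser: a simplified ACS evaluator that models the semantics discussed above, where "gX" tests the group the user is currently standing in, next to the hypothetical "gaX" code Zip proposes, which would test the group's own ACS instead. Only the s, g and u codes are modelled; the `GROUP_ACS` table, the `User` fields and the sample values are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed sample data: group 2 = fsxNet with ACS "s10", as in the thread;
# the ACS values for groups 1 and 3 are assumed.
GROUP_ACS = {1: "s10", 2: "s10", 3: "s10"}
User = namedtuple("User", "user_id sec_level joined_group")
TOKEN = re.compile(r"ga\d+|[sgu]\d+|[()|!]")

def check_acs(acs, user):
    """Evaluate an ACS string: adjacent codes are ANDed, '|' is OR, '!' is NOT."""
    acs = acs.lower()
    toks = TOKEN.findall(acs)
    if "".join(toks) != acs:
        raise ValueError(f"unsupported ACS code in {acs!r}")
    toks.reverse()                      # so pop() yields tokens left to right

    def code(tok):
        if tok.startswith("ga"):        # hypothetical: satisfy that group's ACS
            return check_acs(GROUP_ACS[int(tok[2:])], user)
        n = int(tok[1:])
        return {"s": user.sec_level >= n,       # security level at least n
                "g": user.joined_group == n,    # currently standing in group n
                "u": user.user_id == n}[tok[0]]

    def factor():
        tok = toks.pop()
        if tok == "!":
            return not factor()
        if tok == "(":
            val = expr()
            toks.pop()                  # consume ")"
            return val
        return code(tok)

    def expr():
        result = False
        while True:
            term = True
            while toks and toks[-1] not in ("|", ")"):
                term = factor() and term
            result = result or term
            if not (toks and toks[-1] == "|"):
                return result
            toks.pop()                  # consume "|"

    return expr()

if __name__ == "__main__":
    reader = User(user_id=5, sec_level=10, joined_group=3)  # standing in group 3
    print(check_acs("s10g2", reader), check_acs("s10ga2", reader))
```

With the user standing in group 3, the "s10g2" Post ACS denies a reply into a group 2 base even though the user meets fsxNet's "s10", which is the mail-scan and extended-reply failure described in the thread; the "ga2" variant allows it.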