User in two groups with different download permissions can't download

[steve30000]

I have two different groups on my site - instructors and students.  The instructors group has permission to download files in the category "Solutions" while the student group does not. if a user is one group or the other the site behaves as expected. If a user is in both groups however (some instructors want to see what their students will see on the site), then that user can no longer download files from the Solutions category. 

Is that expected behavior or shouldn't being a member of a group that has permission to download override being a member of a group that doesn't have permission to download?

[ColinM]

Hi
You presumably have the students downloads and the teacher downloads in separate categories?  If they are not you have a problem!
Let the student top level category be scat and the teacher downloads be in tcat.  Similarly let the students be in sgroup and the teachers in tgroup
For both groups let the parent group be Registered. This avoids giving permission inadvertently to allow users to gain permissions for other actions.
Also for both groups make sure that the component permissions are all set to inherited.

Now goto the scat and select the sgroup. Give sgroup Allowed for the download permission.  Also goto group tgroup in scat and give tgroup Allowed for download permission. At each stage do a Save to check that the calculated  permissions are as expected.
Now all students and all teachers will be able to download items from the Downloads in scat.

Obviously we go to tcat and Allow tgroup download  permission. Check that sgroup in tcat has inherited so that the calculated download permission for sgroup is not allowed.

A variation is to make the tgroup have sgroup as its parent.  tgroup the inherits permissions from sgroup. It might also allow teachers to edit students Downloads, which could be unwise.

However you may want to be selective about which teachers can download from sgroup. So make a bgroup (b for both ).. Category scat would have tgroup set to inherited and bgroup in scat set to allowed

The following article may help.  The message is that the permission are given to groups from within each category.

http://www.jdownloads.net/documentations/item/controlled-access-to-categories-and-downloads

Colin

[steve30000]

Using your example, my issue is when a user is a member of both tgroup and sgroup. How can I have this user still download from tcat (which has a download setting of denied for sgroup which seems to overrule the Allowed setting of tgroup)?

[ColinM]

Hi
Never use Denied!!  It overrules everything!  By default Joomla! uses a Not Allowed status.  If you find you need to use Deny then you probably have a less than optimal configuration.
Where you have set it to denied change to inherited and you should see that the Calculated permissions are not allowed.  If you find it is still Allowed after doing the Save then it has been allowed some where higher up the chain, probably in the Component permissions.  You can get at these through the Options button on the jDownloads Control Panel in the top bar - see attached.

If you want to be really safe then also make use of the View Access Levels as illustrated in the last example of the article.  This can also apply to menu items. With this users do not know they are being refused permission!

Colin

[gelöscht durch Administrator]

[cygan89]

I cant do this... what next

[ColinM]

@cygan98
Hi I do not understand, please explain a little more.  Is your problem the same?

@steve30000
The problem here is most likely the implied user group membership that Joomla! uses.  Also think about inheritance:  A child can inherit from its parent but not the other way around.  A child may also gain "assets" that their parent does not possess.  So think from low to high, with the least number of permissions at the root of the chain.

There are multiple ways of organising the user groups. One such way is as follows.

The sgroup is the lower level group so make their parent the Registered group.  Then set the tgroup with the sgroup as its parent.  So any permissions that you give to sgroup will be inherited by members of tgroup.  Now if we have a top level jD category called swork where there will be Downloads containing assignments for students in sgroup then we would give sgroup download permission in category swork.  Because tgroup have sgroup as their parent then tgroup will also have download capability.  Also in category swork give tgroup create, edit and edit own permissions.

If there are multiple "sets"  then set up a parallel structure t1group, s1group, t2group, s2group, ...  These groups may or may not share resources.  For example common Downloads could be put in category swork, items for s1group could be put in a subcategory of swork called swork1.  In category swork1 we would give user group s1group download permission, and user group t1group create etc permissions.  Note category swork would not have any permissions set for either t1group or s1group as they would inherit 'not allowed'.  You then assign users to one or more groups as appropriate.

What I have not covered in the above is the Access Levels.  If they remain at Public then all groups will be able to see all downloads, which may not be desirable.  Please ask if you need nmore assistance.

Colin