Using @sub for ACL

[markcub]

Hi guys,

I'm going nuts trying to work out why I can't get my @sub's to work. Not even the simplest example from the wiki.

In the scenario

Root

-Channel A

--Channel B

Where Channel B is a child of Channel A which is a child of Root.

Using the interface, I right click Channel A, select Edit and switch to the ACL tab. I add a new ACL entry to the bottom of the list. This is for the group @all.

At the right hand side in the Deny column I tick Enter, as to deny entry to all. The Context is set to 'Applied to sub-channels', and 'Applies to this channel'.

As expected, no-one can enter Channel A or Channel B.

I want to add a sub group entry to Channel A, so that anyone can enter channel B. I know I could just apply my deny rule to only Channel A, but this is a vastly dumbed down scenario. My real server has lots more sub channels, I just wanted to use the most simple scenario possible.

So in the UI, how would I add an @sub or @~sub to Channel A, or whatever it needs to be, so that everyone can enter Channel B. What do I keep selected in Context, what do I click at the right hand side, and what is the Group name that I should be using.

This all seems terribly simple, and I'm sorry for being dumb, but I have tried lots and lots of combinations, and I simply can't get it to work.

Please please put me out my misery and let me know how!

Kind regards,

Mark.

[kissaki]

I can’t even get the deny enter to work with @all …

I can still enter A, because it adds myself with +travers. But even when I put it above @all -travers, I can still enter A.

Well, I think with

@~sub,1 +enter to A,

you should be able to enter B, but not A.

Did you also add the traverse privilege?

[markcub]

I found that if you were in the admin group, you can always enter a channel, you will just be suppressed, but if you're a normal user, you can't get in.

I just think the @sub stuff is broken. It is a pity that community doesn't seem to know the answer :-(

Cheers,

Mark.

[kissaki]

You may want to try asking in IRC. :)

[xhjfx]

We use @sub and it works fine

[cooper-42]

Keep the @all deny entry ACL for Channel A and have it applied to all subchannels.

Go to the ACL for Channel B (and all other channels you want to specifically permit entry to). Add a new entry, at the bottom of the list that is @all permit entry.

The ACL is read from top to bottom, with entries further down the list over-riding those further up if there is a contradiction.

This way you can set deny @all to Channel A and all its subchannels then use ACL for specific subchannels that you want to override this general rule.

Does that get what you want?