Group policy for invitations and applications
Hi,
I'm trying to implement policies to limit who can send group invitations and who can accept group applications. Currently I have the following
{
"Action": "*", "Effect": "Allow", "Resource": "pfrn:group--group!*/Invitations/*", "Principal": { "MemberOf": { "RoleId": "admins" }, "ChildOf": { "EntityType": "title", "EntityId": "7AB" } }, "Comment": "Only Admins can access invitations","Condition": null }, { "Action": "*", "Effect": "Allow", "Resource": "pfrn:group--group!*/Applications/*", "Principal": { "MemberOf": { "RoleId": "admins" }, "ChildOf": { "EntityType": "title", "EntityId": "7AB" } }, "Comment": "Only Admins can access applications", "Condition": null }
I am not sure whether it is correct or event if it makes sense.
I have not tried the invite flow, but for applications, non-admin members are able to accept applications.
The application flow is not much of a concern, as I can pipe it through CloudScript and validate the user doing the acceptance. Invitations are a different issue, as sending an invitation from CloudScript sets the title entity as the inviting entity
{
"Action": "*",
"Effect": "Allow",
"Resource": "pfrn:group--group!*/Invitations/*",
"Principal": {
"MemberOf": {
"RoleId": "admins"
},
"ChildOf": {
"EntityType": "title",
"EntityId": "7AB"
}
},
"Comment": "Admins access to invitations",
"Condition": null
},
{
"Action": "*",
"Effect": "Allow",
"Resource": "pfrn:group--group!*/Applications/*",
"Principal": {
"MemberOf": {
"RoleId": "admins"
},
"ChildOf": {
"EntityType": "title",
"EntityId": "7AB"
}
},
"Comment": "Admins access to applications",
"Condition": null
}
formatting policy edit
Best Answer
I think the default Group Policy works just fine for your use case: Only members of the group admins role can send invitations and accept group applications. This is done using the following statement (actually it permits the admin player to do anything with the group):
{
"Action": "*",
"Effect": "Allow",
"Resource": "pfrn:group--*!*/*",
"Principal": {
"MemberOf": {
"RoleId": "admins"
}
},
"Comment": "Allow members of the group administrator role to do anything with the group",
"Condition": null
}
You were saying that non-admin members are able to accept applications, however, my test result shows the opposite. Would you please share your current group policy in [Game Manager] -> [Groups] -> [One_of_your_groups] -> [Policy] for us to investigate further?
