Group policy for invitations and applications

Question

question

Luis Saenz asked Mar 7, '20

Group policy for invitations and applications

Hi,

I'm trying to implement policies to limit who can send group invitations and who can accept group applications. Currently I have the following

{

"Action": "*", "Effect": "Allow", "Resource": "pfrn:group--group!*/Invitations/*", "Principal": { "MemberOf": { "RoleId": "admins" }, "ChildOf": { "EntityType": "title", "EntityId": "7AB" } }, "Comment": "Only Admins can access invitations",
"Condition": null }, { "Action": "*", "Effect": "Allow", "Resource": "pfrn:group--group!*/Applications/*", "Principal": { "MemberOf": { "RoleId": "admins" }, "ChildOf": { "EntityType": "title", "EntityId": "7AB" } }, "Comment": "Only Admins can access applications", "Condition": null }

I am not sure whether it is correct or event if it makes sense.

I have not tried the invite flow, but for applications, non-admin members are able to accept applications.

The application flow is not much of a concern, as I can pipe it through CloudScript and validate the user doing the acceptance. Invitations are a different issue, as sending an invitation from CloudScript sets the title entity as the inviting entity

apis documentation

1

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Luis Saenz commented · Mar 07, 2020 at 02:13 AM

  {
    "Action": "*",
    "Effect": "Allow",
    "Resource": "pfrn:group--group!*/Invitations/*",
    "Principal": {
      "MemberOf": {
        "RoleId": "admins"
      },
      "ChildOf": {
        "EntityType": "title",
        "EntityId": "7AB"
      }
    },
    "Comment": "Admins access to invitations",
    "Condition": null
  },

  {
    "Action": "*",
    "Effect": "Allow",
    "Resource": "pfrn:group--group!*/Applications/*",
    "Principal": {
      "MemberOf": {
        "RoleId": "admins"
      },
      "ChildOf": {
        "EntityType": "title",
        "EntityId": "7AB"
      }
    },
    "Comment": "Admins access to applications",
    "Condition": null
  }

formatting policy edit

0 ·

Answer 1 · 2020-03-09T07:43:30Z

Citrus Yan answered Mar 9, '20

I think the default Group Policy works just fine for your use case: Only members of the group admins role can send invitations and accept group applications. This is done using the following statement (actually it permits the admin player to do anything with the group):

  {
    "Action": "*",
    "Effect": "Allow",
    "Resource": "pfrn:group--*!*/*",
    "Principal": {
      "MemberOf": {
        "RoleId": "admins"
      }
    },
    "Comment": "Allow members of the group administrator role to do anything with the group",
    "Condition": null
  }

You were saying that non-admin members are able to accept applications, however, my test result shows the opposite. Would you please share your current group policy in [Game Manager] -> [Groups] -> [One_of_your_groups] -> [Policy] for us to investigate further?

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

question