[Solved]: Users with multiple group identities

[louisli]

I have an album which is open to "registered" users only becaused I wanted all registered members to see.

I have the "registered" group with permissions:
- Ratings: yes
- e-cards: yes
- Comments: yes

And a "p-friends" group with permission:
- Ratings: yes
- e-cards: no
- Comments: yes

I have made a test account "testuser", I don't want this group of users to send e-cards, while I want them to read the album mentioned above
I have changed his primary group to "p-friends" and secondary group to "registered".  After this user logged in, he can still send e-cards, I tried to swap his primary and secondary groups but this still appears happens.

What should I do so this user is not able to send e-cards?

(CPG 1.4.18 with modpack from SF.net page)

Thanks.

Louis

[Joachim Müller]

Members of additional (user defined) groups are still members of the built-in registered group. Members of the user-defined group "p-friends" are therefor members of the standard group "registered" as well. The least restrictive set of permissions apply, so members of the group "p-friends" can send ecards. There is no way to circumvent the fact that members of custom groups are member of the original group "registered" as well (and it would not make any sense btw.). Your permissions should be set from restrictive for the default and non-restrictive for advanced users you know and trust.
Make this the other way round: set permissions for the registered group not to be allowed to send ecards. Create a custom group that is allowed to send ecards and promote your privileged users to be members of that group as well.

[louisli]

ic, it works now, thank you