Wouldn't it be better if JForum's access control was permission-based instead of restriction-based?
For example, in the Admin control panel / Group permission control, I think it would be far better if you could specify which groups are ALLOWED to see which categories, instead of DENIED. Otherwise, if you crate a new secret category, you have to explicitly deny access for all non-authorized groups/users. And if a new user is created...
If I understand the current wisdom correctly, permission-based security is The Right Thing (tm).
Perhaps JForums design is inherited from phpBB? If so, JForum has the opportunity to become much better if the access control model is changed to permission-based.
Cheers!
Per
[originally posted on jforum.net by per]