updating groups access control so:

1. Guests can no longer receive the moderate bit
  2. If you attempt to grant the moderate privilege to a public group, a confirmation modal appears
  3. A lock icon is present next to all private groups

public/src/admin/manage/category.js

@@ -184,24 +184,24 @@ define('admin/manage/category', [
 				privilege = checkboxEl.parent().attr('data-privilege'),
 				state = checkboxEl.prop('checked'),
 				rowEl = checkboxEl.parents('tr'),
-				member = rowEl.attr('data-group-name') || rowEl.attr('data-uid');
+				member = rowEl.attr('data-group-name') || rowEl.attr('data-uid'),
+				isPrivate = parseInt(rowEl.attr('data-private') || 0, 10),
+				isGroup = rowEl.attr('data-group-name') !== undefined;
 
 			if (member) {
-				socket.emit('admin.categories.setPrivilege', {
+				if (isGroup && privilege === 'groups:moderate' && !isPrivate && state) {
-					cid: ajaxify.variables.get('cid'),
+					bootbox.confirm('<strong>Are you sure you wish to grant the moderation privilege to this user group?</strong> This group is public, and any users can join at will.', function(confirm) {
-					privilege: privilege,
+						if (confirm) {
-					set: state,
+							Category.setPrivilege(member, privilege, state, checkboxEl);
-					member: member
+						} else {
-				}, function(err) {
+							checkboxEl.prop('checked', checkboxEl.prop('checked') ^ 1);
-					if (err) {
+						}
-						return app.alertError(err.message);
+					});
-					}
+				} else {
-
+					Category.setPrivilege(member, privilege, state, checkboxEl);
-					checkboxEl.replaceWith('<i class="fa fa-spin fa-spinner"></i>');
+				}
-					Category.refreshPrivilegeTable();
-				});
 			} else {
-				app.alertError('No member or group was selected');
+				app.alertError('[[error:invalid-data]]');
 			}
 		})
 	};
@@ -220,6 +220,22 @@ define('admin/manage/category', [
 		});
 	};
 
+	Category.setPrivilege = function(member, privilege, state, checkboxEl) {
+		socket.emit('admin.categories.setPrivilege', {
+			cid: ajaxify.variables.get('cid'),
+			privilege: privilege,
+			set: state,
+			member: member
+		}, function(err) {
+			if (err) {
+				return app.alertError(err.message);
+			}
+
+			checkboxEl.replaceWith('<i class="fa fa-spin fa-spinner"></i>');
+			Category.refreshPrivilegeTable();
+		});
+	};
+
 	Category.launchParentSelector = function() {
 		socket.emit('categories.get', function(err, categories) {
 			templates.parse('partials/category_list', {

public/src/modules/helpers.js

@@ -108,7 +108,7 @@
 		}
 	};
 
-	helpers.spawnPrivilegeStates = function(privileges) {
+	helpers.spawnPrivilegeStates = function(member, privileges) {
 		var states = [];
 		for(var priv in privileges) {
 			if (privileges.hasOwnProperty(priv)) {
@@ -119,7 +119,7 @@
 			}
 		}
 		return states.map(function(priv) {
-			return '<td class="text-center" data-privilege="' + priv.name + '"><input type="checkbox"' + (priv.state ? ' checked' : '') + ' /></td>';
+			return '<td class="text-center" data-privilege="' + priv.name + '"><input type="checkbox"' + (priv.state ? ' checked' : '') + (member === 'guests' && priv.name === 'groups:moderate' ? ' disabled="disabled"' : '') + ' /></td>';
 		}).join('');
 	};
 

src/privileges/categories.js

@@ -117,6 +117,19 @@ module.exports = function(privileges) {
 
 							next(null, memberData);
 						});
+					},
+					function(memberData, next) {
+						// Grab privacy info for the groups as well
+						async.map(memberData, function(member, next) {
+							groups.isPrivate(member.name, function(err, isPrivate) {
+								if (err) {
+									return next(err);
+								}
+
+								member.isPrivate = isPrivate;
+								next(null, member);
+							});
+						}, next);
 					}
 				], next);
 			}

src/views/admin/manage/category.tpl

@@ -79,7 +79,7 @@
 				<div class="panel-body">
 					<p>
 						You can configure the access control privileges for this category in this section. Privileges can be granted on a per-user or
-						a per-group basis. You can add a new user or group to this table by searching for them in the form below.
+						a per-group basis. You can add a new user to this table by searching for them in the form below.
 					</p>
 					<p class="text-warning">
 						<strong>Note</strong>: Privilege settings take effect immediately. It is not necessary to save the category after adjusting

src/views/admin/partials/categories/privileges.tpl

@@ -11,7 +11,7 @@
 							<tr data-uid="{uid}">
 								<td><img src="{picture}" title="{username}" /></td>
 								<td>{username}</td>
-								{function.spawnPrivilegeStates, privileges}
+								{function.spawnPrivilegeStates, username, privileges}
 							</tr>
 							<!-- END privileges.users -->
 							<!-- ELSE -->
@@ -31,9 +31,14 @@
 								<!-- END privileges.labels.groups -->
 							</tr>
 							<!-- BEGIN privileges.groups -->
-							<tr data-group-name="{privileges.groups.name}">
+							<tr data-group-name="{privileges.groups.name}" data-private="<!-- IF privileges.groups.isPrivate -->1<!-- ELSE -->0<!-- ENDIF privileges.groups.isPrivate -->">
-								<td>{privileges.groups.name}</td>
+								<td>
-								{function.spawnPrivilegeStates, privileges}
+									<!-- IF privileges.groups.isPrivate -->
+									<i class="fa fa-lock text-muted" title="This group is private"></i>
+									<!-- ENDIF privileges.groups.isPrivate -->
+									{privileges.groups.name}
+								</td>
+								{function.spawnPrivilegeStates, name, privileges}
 							</tr>
 							<!-- END privileges.groups -->
 						</table>