[2.0] Global Mod can modify and remove Admin Posts

Kindred:
Yes, that is true... again, not a bug. Although I see the point of making the admin untouchable, I also see a point of "don't give that sort of access to people you don't trust".

feline:

--- Quote from: Kindred on July 27, 2011, 03:53:10 PM ---I also see a point of "don't give that sort of access to people you don't trust"

--- End quote ---
That's also very difficult ... Normally anyone in a forum knows the other really ;)

Illori:
That is not always true. Look at the team here at sm.org: most of us did not know each other until we made the team. That does not mean that we are given full admin access just because we are on the team. We are only trusted to a point with certain permissions.

Illori:
comments from developers on if this is a bug or not?

NetHunter:

--- Quote from: feline on July 25, 2011, 04:09:42 PM ---Here a simple fix ... In Display.php
search for:

--- Code: --- // Run BBC interpreter on the message.
$message['body'] = parse_bbc($message['body'], $message['smileys_enabled'], $message['id_msg']);

--- End code ---
add after:

--- Code: --- $can_modify = allowedTo('modify_any') && ($user_info['is_admin'] || $message['id_member']['group_id'] != 1);
$can_delete = allowedTo('delete_any') && ($user_info['is_admin'] || $message['id_member']['group_id'] != 1);

--- End code ---

search for:

--- Code: --- 'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && (allowedTo('modify_any') || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))),
'can_remove' => allowedTo('delete_any') || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),

--- End code ---

replace by:

--- Code: --- 'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && ($can_modify || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))),
'can_remove' => $can_delete || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),

--- End code ---

Now the Global Mod can't modify or delete posts made by members in the Admin Group (id 1).

--- End quote ---

This only removes the buttons. If someone knows the direct link (not so difficult), it's useless. I think some enhanced code must be placed in Security.php.

Best regards
NetHunter
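
NetHunter's objection above, as an added PHP sketch that is not SMF's code or anything posted in the thread: one policy function feeds both the button flags and the request handler, so a request sent straight to the action link is refused as well. All function names, array keys and sample data are hypothetical; only the Admin group id 1 comes from the thread.

```php
<?php
// Added illustration, not SMF code: every function and array key here is hypothetical.
const ADMIN_GROUP_ID = 1; // "Admin Group (id 1)" as named in the thread

// Single policy decision, shared by the view and by the action handler.
function canActOnPost(array $actor, array $post, string $action): bool
{
    $anyPerm = $action . '_any'; // modify_any / delete_any
    $ownPerm = $action . '_own'; // modify_own / delete_own
    $posterIsAdmin = in_array(ADMIN_GROUP_ID, $post['poster_groups'], true);

    // Posts written by an admin may only be touched by an admin,
    // whatever other permissions the actor holds.
    if ($posterIsAdmin && !$actor['is_admin']) {
        return false;
    }
    if (in_array($anyPerm, $actor['permissions'], true)) {
        return true;
    }
    return in_array($ownPerm, $actor['permissions'], true)
        && $actor['id'] === $post['poster_id'];
}

// View layer: decides only whether the buttons are drawn.
function buildButtons(array $actor, array $post): array
{
    return [
        'can_modify' => canActOnPost($actor, $post, 'modify'),
        'can_remove' => canActOnPost($actor, $post, 'delete'),
    ];
}

// Action layer: runs on every request, including one that never saw a button.
function handlePostAction(array $actor, array $post, string $action): string
{
    if (!canActOnPost($actor, $post, $action)) {
        return '403 denied';
    }
    return '200 ' . $action . ' applied to message ' . $post['id_msg'];
}

// Constructed sample data.
$globalMod = ['id' => 7, 'is_admin' => false, 'permissions' => ['modify_any', 'delete_any']];
$adminPost = ['id_msg' => 42, 'poster_id' => 1, 'poster_groups' => [1]];
$userPost  = ['id_msg' => 43, 'poster_id' => 9, 'poster_groups' => [4]];

var_dump(buildButtons($globalMod, $adminPost));
echo handlePostAction($globalMod, $adminPost, 'delete'), PHP_EOL;
echo handlePostAction($globalMod, $userPost, 'modify'), PHP_EOL;
```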
