Co-admin

[colby2152]

I want to have a co-admin, but I don't want them to have full admin powers.  Specifically, I want them to be able to modify a board BUT NOT DELETE IT.  Any way to do this?

[Sir Osis of Liver]

Admins have all permissions, you can't change that.  Create another membergroup called Admin, and you can set up permissions any way you like.

[Illori]

there is no permission on the ability to delete boards, you would need a mod for that.

[Sir Osis of Liver]

An Administrator can delete boards, but no other membergroup can if there is no permission for it, so creating a new group called Admin with all permissions allowed should basically do what the op wants.

[Illori]

no that is not true, i just tested giving another group all perms they can still delete the boards.

[Sir Osis of Liver]

So there is no way to remove that permission if a group has all permissions?  Doesn't make sense.  Obviously all groups can't normally delete boards, so which permission allows them to do so?

[Illori]

Manage boards and categories seems to be the only permission for creating/deleting boards

will not keep you from deleting them if you can create them, you need a custom permission for such.

[Sir Osis of Liver]

Understood - thanks.

[hcfwesker]

Well, if you'd just like to remove the "Delete Board" option entirely.

Go to Themes/default/ManageBoards.template.php

Find and remove this portion

Code Select Expand

if (!isset($context['board']['is_new']) && empty($context['board']['is_recycle']))
echo '
<span', $context['board']['is_recycle'] ? ' style="visibility:hidden">' : '>', '<input type="submit" name="delete" value="', $txt['mboards_delete_board'], '" onclick="return confirm(\'', $txt['boardConfirm'], '\');"', ' class="button_submit" /></span>';


And, when YOU need to remove a board, you can delete it through phpMyAdmin, or add the line of code back in where it originally was, just long enough to remove the board.  Just tested and it works.  But, use at your own risk. 

[Sir Osis of Liver]

Should be able to make that conditional so it only works for Administrator.  I'll tinker with it tonight if I have time.

[Sir Osis of Liver]

This should do it.

In ManageBoards.template.php -

Find this:

Code Select Expand



if (!isset($context['board']['is_new']) && empty($context['board']['is_recycle']))
echo '
<span', $context['board']['is_recycle'] ? ' style="visibility:hidden">' : '>', '<input type="submit" name="delete" value="', $txt['mboards_delete_board'], '" onclick="return confirm(\'', $txt['boardConfirm'], '\');"', ' class="button_submit" /></span>';





Change it to this:

Code Select Expand



/// Restrict board delete to one Administrator

if (!isset($context['board']['is_new']) && empty($context['board']['is_recycle']) && $context['user']['id'] == 1)
echo '
<span', $context['board']['is_recycle'] ? ' style="visibility:hidden">' : '>', '<input type="submit" name="delete" value="', $txt['mboards_delete_board'], '" onclick="return confirm(\'', $txt['boardConfirm'], '\');"', ' class="button_submit" /></span>';



Use your user id in $context['user']['id'] == 1.  All admins will be able to create/modify boards, but only you can delete them.  The 'Delete Board' option is removed - only you can see it.

[hcfwesker]

Nice work, Krash.

[Aleksi "Lex" Kilpinen]

I want to have a co-admin, but I don't want them to have full admin powers. 

The traditional answer to your question would really be that you don't want a co-admin then.

Admins by definition have admin level access and permission - if you do not want to share all permissions,
then you really, really do not want to make them admins! Deleting or modifying a board is the slightest of your worries, if you really think you can't trust your co-admin with something like that to begin with.

Anyone with administrative access to your forum can basically destroy everything in it. That simple.
Keep it in mind.

EDIT:

Also, Krash's "fix" is nothing more than make up. It removes the option from sight, but it doesn't stop them from using it really.

[Sir Osis of Liver]

Also, Krash's "fix" is nothing more than make up. It removes the option from sight, but it doesn't stop them from using it really.

Most users will not know how to get around it.  Those who do will be able to hack the forum regardless.  I think there's a basic assumption that anyone the forum owner assigns admin privleges is known to him and reasonably trustworthy, and the fix is a practical way of making the option unavailable.

[Aleksi "Lex" Kilpinen]

I think there's a basic assumption that anyone the forum owner assigns admin privleges is known to him and reasonably trustworthy

Yes, exactly - and if it was like that, any edits like this shouldn't be needed, right?

[twig/al]

Best way is to create a "Super Moderator" give him/her all the permissions you want... Saves a lot of work and worry. But you still need to know them very well...

[Illori]

that does not fix this issue where there is no permission to give or not give for this ability.

[Sir Osis of Liver]

Yes, exactly - and if it was like that, any edits like this shouldn't be needed, right?

If the option is there, people will use it, often with the best intentions.  If it's not there, most users will not even know it's available.  As you pointed out, anyone given admin permissions can do much worse things than deleting a board.  If you base all of your decisions in life on the assumption that everyone but you is a scumbag and out to get you, you'll have a very unhappy life. 

[Aleksi "Lex" Kilpinen]

Well, point taken But I do strongly feel that admin rights should only be given to people you can trust not to use them wrongly.

[KensonPlays]

Well, point taken But I do strongly feel that admin rights should only be given to people you can trust not to use them wrongly.

+1,000!!! Well said

I agree with the "Super Moderator" post as well