News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

[2.0] Global Mod can modify and remove Admin Posts

Started by feline, July 25, 2011, 03:13:09 PM

Previous topic - Next topic

feline

As the subject say ..
A Global Moderator can remove and edit posts created by a Admin.
This is a heavy bug I think  :o

emanuele



Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Illori

a global mod has always been able to moderate everyone that includes admin and other moderators. even a board moderator can edit posts made by an admin.

Robert.

Actually, I understand why it's an issue. It's the same like users with the right to edit account settings can't edit those of an admin. Therefore I think it would be better to create a permission for it. :)

Illori

i think there is a mod that does something like that already.

karlbenson


feline

Here a simple fix ... In Display.php
search for:

// Run BBC interpreter on the message.
$message['body'] = parse_bbc($message['body'], $message['smileys_enabled'], $message['id_msg']);

add after:

$can_modify = allowedTo('modify_any') && ($user_info['is_admin'] || $message['id_member']['group_id'] != 1);
$can_delete = allowedTo('delete_any') && ($user_info['is_admin'] || $message['id_member']['group_id'] != 1);


search for:

'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && (allowedTo('modify_any') || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))),
'can_remove' => allowedTo('delete_any') || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),


replace by:

'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && ($can_modify || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))),
'can_remove' => $can_delete || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),


Now the Global Mod can't modify or delete posts made by members in  the Admin Group (id 1)..

Illori

the only problem then is the global mod is no longer global, it should be up to the admin if they want the mods to edit their posts or not. not up to the forum software. it has been like this for a while even in 1.1.1*

Kindred

While I understand the point of the edit - it is not actually a BUG... it is working completely as intended.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

feline

Very difficult Kindred ..
if a Global mod have remove member - delete_any, the he can also drop the admin  :o

Kindred

yes, that is true....   again, not a bug - although I see the point of making the admin untouchable, I also see a point of "don't give that sort of access to people you don't trust"
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

feline

Quote from: Kindred on July 27, 2011, 03:53:10 PM
I also see a point of "don't give that sort of access to people you don't trust"
That's also very difficult ... Normally anyone in a forum know the other really  ;)

Illori

that is not always true, look at the team here at sm.org most of us did not know each other until we made the team, that does not mean that we are given full admin access just because we are on the team. we are only trusted to a point with certain permissions.

Illori

comments from developers on if this is a bug or not?

NetFlag

Quote from: feline on July 25, 2011, 04:09:42 PM
Here a simple fix ... In Display.php
search for:

// Run BBC interpreter on the message.
$message['body'] = parse_bbc($message['body'], $message['smileys_enabled'], $message['id_msg']);

add after:

$can_modify = allowedTo('modify_any') && ($user_info['is_admin'] || $message['id_member']['group_id'] != 1);
$can_delete = allowedTo('delete_any') && ($user_info['is_admin'] || $message['id_member']['group_id'] != 1);


search for:

'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && (allowedTo('modify_any') || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))),
'can_remove' => allowedTo('delete_any') || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),


replace by:

'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && ($can_modify || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))),
'can_remove' => $can_delete || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),


Now the Global Mod can't modify or delete posts made by members in  the Admin Group (id 1)..

This only remove the buttons. If someone knew the direct link (not so difficult) its useless. I think some enhanced code must placed in Security.php.

Best regards
NetHunter

emanuele

I agree with Kindred that it works as intended (but I'm the last arrived and I don't have a big forum) so my opinion doesn't have a big weight.

BTW, there are at least two mods that can provide such functionality (mine doesn't deal with bans):
http://custom.simplemachines.org/mods/index.php?mod=1306
http://custom.simplemachines.org/mods/index.php?mod=2933


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

nend

I disagree with the OP, I would rather have the Global Moderator be able to edit all post, including the Admins. It makes perfect sense to me.

My definition of a Global Moderator is someone I trust enough with every single board, I can even trust them with the Admin position if they knew how. However to some people the Admin position is too much, some people may get confused with everything in the Admin Panel, so GM they are.

Say a post has outdated information and a Admin posted it. The Global Moderator should have the ability to update that information. IMHO Global Moderator is step down from Admin, so you should treat that group as such.

Maybe you are proposing a next step down? IMHO Global Moderator is perfect, it doesn't need to be touched.

nimda

I have posted a post as the admin user to do some testing but cannot seem to find an option to delete my own admin post. Can someone help please?  :)

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

emanuele

nimda if you are still logged in with your admin account you should see the normal "remove" button next to the post.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Advertisement: