[2.0] Global Mod can modify and remove Admin Posts

feline · July 25, 2011, 03:13:09 PM

As the subject say ..
A Global Moderator can remove and edit posts created by a Admin.
This is a heavy bug I think

emanuele · July 25, 2011, 03:16:42 PM

How?

Illori · July 25, 2011, 03:33:39 PM

a global mod has always been able to moderate everyone that includes admin and other moderators. even a board moderator can edit posts made by an admin.

Robert. · July 25, 2011, 03:37:05 PM

Actually, I understand why it's an issue. It's the same like users with the right to edit account settings can't edit those of an admin. Therefore I think it would be better to create a permission for it.

Illori · July 25, 2011, 03:38:59 PM

i think there is a mod that does something like that already.

karlbenson · July 25, 2011, 03:39:42 PM

Superadmin mod?

feline · July 25, 2011, 04:09:42 PM

Here a simple fix ... In Display.php
search for:

Code Select


	// Run BBC interpreter on the message.
	$message['body'] = parse_bbc($message['body'], $message['smileys_enabled'], $message['id_msg']);

add after:

Code Select


	$can_modify = allowedTo('modify_any') && ($user_info['is_admin'] || $message['id_member']['group_id'] != 1);
	$can_delete = allowedTo('delete_any') && ($user_info['is_admin'] || $message['id_member']['group_id'] != 1);

search for:

Code Select


		'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && (allowedTo('modify_any') || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))),
		'can_remove' => allowedTo('delete_any') || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),

replace by:

Code Select


		'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && ($can_modify || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))),
		'can_remove' => $can_delete || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),

Now the Global Mod can't modify or delete posts made by members in the Admin Group (id 1)..

Illori · July 25, 2011, 04:12:27 PM

the only problem then is the global mod is no longer global, it should be up to the admin if they want the mods to edit their posts or not. not up to the forum software. it has been like this for a while even in 1.1.1*

Kindred · July 27, 2011, 11:35:22 AM

While I understand the point of the edit - it is not actually a BUG... it is working completely as intended.

feline · July 27, 2011, 03:41:19 PM

Very difficult Kindred ..
if a Global mod have remove member - delete_any, the he can also drop the admin

Kindred · July 27, 2011, 03:53:10 PM

yes, that is true.... again, not a bug - although I see the point of making the admin untouchable, I also see a point of "don't give that sort of access to people you don't trust"

feline · July 28, 2011, 06:39:28 AM

Quote from: Kindred on July 27, 2011, 03:53:10 PM
I also see a point of "don't give that sort of access to people you don't trust"

That's also very difficult ... Normally anyone in a forum know the other really

Illori · July 28, 2011, 06:41:28 AM

that is not always true, look at the team here at sm.org most of us did not know each other until we made the team, that does not mean that we are given full admin access just because we are on the team. we are only trusted to a point with certain permissions.

Illori · November 18, 2011, 09:53:18 AM

comments from developers on if this is a bug or not?

NetFlag · February 28, 2012, 11:04:37 AM

Quote from: feline on July 25, 2011, 04:09:42 PM
Here a simple fix ... In Display.php
search for:
Code Select Expand
// Run BBC interpreter on the message. $message['body'] = parse_bbc($message['body'], $message['smileys_enabled'], $message['id_msg']);
add after:
Code Select Expand
$can_modify = allowedTo('modify_any') && ($user_info['is_admin'] || $message['id_member']['group_id'] != 1); $can_delete = allowedTo('delete_any') && ($user_info['is_admin'] || $message['id_member']['group_id'] != 1);

search for:
Code Select Expand
'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && (allowedTo('modify_any') || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))), 'can_remove' => allowedTo('delete_any') || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),

replace by:
Code Select Expand
'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && ($can_modify || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))), 'can_remove' => $can_delete || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),

Now the Global Mod can't modify or delete posts made by members in the Admin Group (id 1)..

This only remove the buttons. If someone knew the direct link (not so difficult) its useless. I think some enhanced code must placed in Security.php.

Best regards
NetHunter

emanuele · February 28, 2012, 11:34:20 AM

I agree with Kindred that it works as intended (but I'm the last arrived and I don't have a big forum) so my opinion doesn't have a big weight.

BTW, there are at least two mods that can provide such functionality (mine doesn't deal with bans):
http://custom.simplemachines.org/mods/index.php?mod=1306
http://custom.simplemachines.org/mods/index.php?mod=2933

nend · April 24, 2012, 05:53:13 PM

I disagree with the OP, I would rather have the Global Moderator be able to edit all post, including the Admins. It makes perfect sense to me.

My definition of a Global Moderator is someone I trust enough with every single board, I can even trust them with the Admin position if they knew how. However to some people the Admin position is too much, some people may get confused with everything in the Admin Panel, so GM they are.

Say a post has outdated information and a Admin posted it. The Global Moderator should have the ability to update that information. IMHO Global Moderator is step down from Admin, so you should treat that group as such.

Maybe you are proposing a next step down? IMHO Global Moderator is perfect, it doesn't need to be touched.

nimda · June 27, 2012, 12:15:16 PM

I have posted a post as the admin user to do some testing but cannot seem to find an option to delete my own admin post. Can someone help please?

Kindred · June 27, 2012, 12:16:44 PM

Nimda,
this is not a support topic.

emanuele · June 27, 2012, 12:18:21 PM

nimda if you are still logged in with your admin account you should see the normal "remove" button next to the post.

News:

[2.0] Global Mod can modify and remove Admin Posts