Allowing banned users to perform specific actions is more complicated than it needs to be

Kirby

Well-known member
Affected version
2.2.8
Allowing banned users to perform certain actions (like using the contact form) requires overriding assertNotBanned.

But, unlike most other assert* methods, this method does not get passed the action.

So in order to only allow specific actions, this also requires some kinda ugly workaround like also overriding preDispatchType.

Could this be changed (for 2.3.0+?) so assertNotBanned and assertIpNotBanned both do get the action as well?
 
We use the warning point system to ban people when they have 10 active warning points. This could easily be changed to put them into a user group for banned members instead. A user group with particular permissions restricting them from most things and allowing some. Combined with a notice in the top it would make a decent kludge to help out this use case.
 
Here is what we do:
1: We make a clear distinction between truly banned accounts (i.e. those who we never want to be able to do anything at all) and those for whom we wish to allow, for example, to make an appeal.
2: We only actually BAN those for whom we intend the action to be total.
3: For the others, we "suspend" them (our term - choose anything else that fits eg Pending Ban etc). Suspended members are not (yet) banned but they are given a secondary usergroup which severely restricts their permissions. In our case we leave them access to one single forum (node) in which they can make an appeal. And in that node only the thread starter and selected team members can see threads - thus it's effectively private.

Alongside this (in our case at least) anybody (eg not logged in) can use the Contact form anyway.
 
Back
Top Bottom