[Andrew] Moderator Panel

[Andrew] Moderator Panel 1.5.1

No permission to download

otix_

Member
Hello, does these addon has a setting where posts from moderators can not be liked or disliked by user?
 

creativeforge

Active member
Hi Andrew, is there a feature that filters new registrations to see if the username is already in use? I have moderators who encounter a request for approval of a new registration that was "set aside for manual approval" because it uses a username already in use.

I'm trying to find out where that comes from, I thought maybe it was your addon?
 

AndrewSimm

Well-known member
Hi Andrew, is there a feature that filters new registrations to see if the username is already in use? I have moderators who encounter a request for approval of a new registration that was "set aside for manual approval" because it uses a username already in use.

I'm trying to find out where that comes from, I thought maybe it was your addon?
No, this add-on does not do that. I am not aware how you would have users register for usernames that already exist.
 

creativeforge

Active member
No, this add-on does not do that. I am not aware how you would have users register for usernames that already exist.
Thank you, a moderator asked me to find out how to disable that filter or maybe remove those notifications to moderators... I'll need to ask for a screenshot next time.

Thanks Andrew!
 

Kirby

Well-known member
This is a nice Add-on, thank you for providing this :)

Methods Andrew\ModeratorPanel\Pub\Controller::actionIpAddresses() and Andrew\ModeratorPanel\Pub\Controller::actionIpUsers() do allow access for anyone who has permission to access the Panel.

Can this be changed to also take the existing permission $visitor->canViewIps() into account?
For legal reasons we can't allow moderators to access IP adresses, so this currently prevents us from being able to use this Add-on.

Similar changes for actionCurrentBan, actionWarnings and actionThreadBans would also be appreciated.

Further Issues
  • Templates andrew_moderatorpanel_dashboard_macros, andrew_moderatorpanel_macros, andrew_moderatorpanel_user_ban_list contain hardcoded text Edit ban
  • Duplicate phrases andrew_moderatorpanel_moderator_panel and andrew_moderator_panel
  • Typo phrase andrew_moderatorpanel_recently_regisered_users
  • There is w wrong condition check in Andrew\ModeratorPanel\Pub\Controller\ModeratorPanel::actionUserNotes() that does allow users that have either condition to view user notes; it probably should be only users that have both permissions - at least it shold by only users taht do have the permission to view user notes
    PHP:
    if (!$visitor->canViewModeratorPanel() && !$visitor->canViewUserNotes())
    {
        return $this->noPermission();
    }
    As I'd consider this a security related bug it should be fixed in a timely manner.
  • It is still possible to search for IP adresses even if permission View IP addresses is not given
  • The dashboard shows "Activity blocks" for Active & Closed reports even if reports are being sent to a forum
    This seems unnecessary and confusing as those counters will both be zero all the time anyway in this case
  • Recent warnings does show an end date for timestamp 0 instead of phrase never for non-expiring warnings
 
Last edited:

AndrewSimm

Well-known member
This is a nice Add-on, thank you for providing this :)

Methods Andrew\ModeratorPanel\Pub\Controller::actionIpAddresses() and Andrew\ModeratorPanel\Pub\Controller::actionIpUsers() do allow access for anyone who has permission to access the Panel.

Can this be changed to also take the existing permission $visitor->canViewIps() into account?
For legal reasons we can't allow moderators to access IP adresses, so this currently prevents us from being able to use this Add-on.

Similar changes for actionCurrentBan, actionWarnings and actionThreadBans would also be appreciated.

Further Issues
  • Templates andrew_moderatorpanel_dashboard_macros, andrew_moderatorpanel_macros, andrew_moderatorpanel_user_ban_list contain hardcoded text Edit ban
  • Duplicate phrases andrew_moderatorpanel_moderator_panel and andrew_moderator_panel
  • Typo phrase andrew_moderatorpanel_recently_regisered_users
  • There is w wrong condition check in Andrew\ModeratorPanel\Pub\Controller\ModeratorPanel::actionUserNotes() that does allow users that have either condition to view user notes; it probably should be only users that have both permissions - at least it shold by only users taht do have the permission to view user notes
    PHP:
    if (!$visitor->canViewModeratorPanel() && !$visitor->canViewUserNotes())
    {
        return $this->noPermission();
    }
    As I'd consider this a security related bug it should be fixed in a timely manner.
  • It is still possible to search for IP adresses even if permission View IP addresses is not given
  • The dashboard shows "Activity blocks" for Active & Closed reports even if reports are being sent to a forum
    This seems unnecessary and confusing as those counters will both be zero all the time anyway in this case
  • Recent warnings does show an end date for timestamp 0 instead of phrase never for non-expiring warnings
Thanks Kirby. I have a flight back home tomorrow and should be able to address most of this on Saturday and Sunday. I'll get out a release this weekend. Thanks for the detail.
 

AndrewSimm

Well-known member
This is a nice Add-on, thank you for providing this :)

Methods Andrew\ModeratorPanel\Pub\Controller::actionIpAddresses() and Andrew\ModeratorPanel\Pub\Controller::actionIpUsers() do allow access for anyone who has permission to access the Panel.

Can this be changed to also take the existing permission $visitor->canViewIps() into account?
For legal reasons we can't allow moderators to access IP adresses, so this currently prevents us from being able to use this Add-on.

Similar changes for actionCurrentBan, actionWarnings and actionThreadBans would also be appreciated.

Further Issues
  • Templates andrew_moderatorpanel_dashboard_macros, andrew_moderatorpanel_macros, andrew_moderatorpanel_user_ban_list contain hardcoded text Edit ban
  • Duplicate phrases andrew_moderatorpanel_moderator_panel and andrew_moderator_panel
  • Typo phrase andrew_moderatorpanel_recently_regisered_users
  • There is w wrong condition check in Andrew\ModeratorPanel\Pub\Controller\ModeratorPanel::actionUserNotes() that does allow users that have either condition to view user notes; it probably should be only users that have both permissions - at least it shold by only users taht do have the permission to view user notes
    PHP:
    if (!$visitor->canViewModeratorPanel() && !$visitor->canViewUserNotes())
    {
        return $this->noPermission();
    }
    As I'd consider this a security related bug it should be fixed in a timely manner.
  • It is still possible to search for IP adresses even if permission View IP addresses is not given
  • The dashboard shows "Activity blocks" for Active & Closed reports even if reports are being sent to a forum
    This seems unnecessary and confusing as those counters will both be zero all the time anyway in this case
  • Recent warnings does show an end date for timestamp 0 instead of phrase never for non-expiring warnings
Just finished these updates. I am going to do some more testing tomorrow and then release the update.
 

AndrewSimm

Well-known member
AndrewSimm updated [Andrew] Moderator Panel with a new update entry:

Version 1.4.3

  • Updated hard coded "Edit Ban" to {{ phrase('edit_ban') }}
  • Removed phrase "andrew_moderatorpanel_moderator_panel" and replaces instances of it with andrew_moderator_panel
  • Fixed spelling of andrew_moderatorpanel_recently_regisered_users and removed duplicate phrase
  • Fixed incorrect operator on user note permission that could allow users with panel access but not user note access to view user notes
  • Warnings that never expire will show "Never" instead of a date in 1969...

Read the rest of this update entry...
 

AndrewSimm

Well-known member
This is a nice Add-on, thank you for providing this :)

Methods Andrew\ModeratorPanel\Pub\Controller::actionIpAddresses() and Andrew\ModeratorPanel\Pub\Controller::actionIpUsers() do allow access for anyone who has permission to access the Panel.

Can this be changed to also take the existing permission $visitor->canViewIps() into account?
For legal reasons we can't allow moderators to access IP adresses, so this currently prevents us from being able to use this Add-on.

Similar changes for actionCurrentBan, actionWarnings and actionThreadBans would also be appreciated.

Further Issues
  • Templates andrew_moderatorpanel_dashboard_macros, andrew_moderatorpanel_macros, andrew_moderatorpanel_user_ban_list contain hardcoded text Edit ban
  • Duplicate phrases andrew_moderatorpanel_moderator_panel and andrew_moderator_panel
  • Typo phrase andrew_moderatorpanel_recently_regisered_users
  • There is w wrong condition check in Andrew\ModeratorPanel\Pub\Controller\ModeratorPanel::actionUserNotes() that does allow users that have either condition to view user notes; it probably should be only users that have both permissions - at least it shold by only users taht do have the permission to view user notes
    PHP:
    if (!$visitor->canViewModeratorPanel() && !$visitor->canViewUserNotes())
    {
        return $this->noPermission();
    }
    As I'd consider this a security related bug it should be fixed in a timely manner.
  • It is still possible to search for IP adresses even if permission View IP addresses is not given
  • The dashboard shows "Activity blocks" for Active & Closed reports even if reports are being sent to a forum
    This seems unnecessary and confusing as those counters will both be zero all the time anyway in this case
  • Recent warnings does show an end date for timestamp 0 instead of phrase never for non-expiring warnings
This has all been fixed in version 1.4.3. I strongly encourage everyone to upgrade.
 

Foynat

Member
Great add-on, I have disabled an alternative (paid) add-on that has only a fraction of the features of this one. Thank you for releasing this.

I would personally like a feature where protected users' IP addresses are not shown, but I understand this is a bit of a niche request!
 
Top