This is a nice Add-on, thank you for providing this
Methods
Andrew\ModeratorPanel\Pub\Controller::actionIpAddresses()
and
Andrew\ModeratorPanel\Pub\Controller::actionIpUsers()
do allow access for anyone who has permission to access the Panel.
Can this be changed to also take the existing permission
$visitor->canViewIps()
into account?
For legal reasons we can't allow moderators to access IP adresses, so this currently prevents us from being able to use this Add-on.
Similar changes for
actionCurrentBan
,
actionWarnings
and
actionThreadBans
would also be appreciated.
Further Issues
- Templates
andrew_moderatorpanel_dashboard_macros
, andrew_moderatorpanel_macros
, andrew_moderatorpanel_user_ban_list
contain hardcoded text Edit ban
- Duplicate phrases
andrew_moderatorpanel_moderator_panel
and andrew_moderator_panel
- Typo phrase
andrew_moderatorpanel_recently_regisered_users
- There is w wrong condition check in
Andrew\ModeratorPanel\Pub\Controller\ModeratorPanel::actionUserNotes()
that does allow users that have either condition to view user notes; it probably should be only users that have both permissions - at least it shold by only users taht do have the permission to view user notes
PHP:
if (!$visitor->canViewModeratorPanel() && !$visitor->canViewUserNotes())
{
return $this->noPermission();
}
As I'd consider this a security related bug it should be fixed in a timely manner.
- It is still possible to search for IP adresses even if permission View IP addresses is not given
- The dashboard shows "Activity blocks" for Active & Closed reports even if reports are being sent to a forum
This seems unnecessary and confusing as those counters will both be zero all the time anyway in this case
- Recent warnings does show an end date for timestamp 0 instead of phrase never for non-expiring warnings