Not a bug CanEditUser doesn't check if Selected User is SuperAdmin

Vincent

Vincent

Well-known member
The CanEditUser check on the Edit link in the Member Card for Administators doesn't check if the User they're trying to enter is a Super Administrator.

I'm not sure if it's possible to check that, since it's defined in the config.php.

Anyhow, we'll see :)
 
I'm not sure I'd classify this as a bug, as the 'Edit' link can still be used to view privileged info, even if you can't actually edit the super admin.
 
Kier said:
I'm not sure I'd classify this as a bug, as the 'Edit' link can still be used to view privileged info, even if you can't actually edit the super admin.
Click to expand...
Not true:
After clicking the Edit link from a Super Admin Membercard as a normal Admin:
Sans titre.webp
 
Regardless, we show this edit link throughout the admin CP where it may not be accessible (for this reason) so I think the behavior is consistent.
 

Similar threads

X
Fixed convert-utf8mb4 doesn't check if fullUnicode is already set before recommending it should be set
Replies
1
Views
821
XF Bug Bot
XF Bug Bot
ibaker
Fixed Thumbnail rebuild doesn't check if FFmpeg is available
Replies
1
Views
703
Chris D
Chris D
thedude
Fixed Add Media page doesn't check if the XenForo Flash Uploader is enabled
Replies
1
Views
946
Chris D
Chris D
Back
Top Bottom