Fixed "Delete all warnings" permission does not work for moderators

Affected version
2.1.7

ivanp

Member
Moderators can delete warnings and/or modify when they expire even though "Delete all warnings" permission is set to No or Never.

In src/XF/Entity/Warning.php functions canDelete() and canEditExpiry() include a code overriding "Delete all warnings" permission:
Code:
if ($this->warning_user_id == $visitor->user_id)
{
    return true;
}
 

XF Bug Bot

XenForo bug fixer bot
Staff member
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.1.8).

Change log:
Don't allow moderators to delete / edit warnings they have given if they have no permission to.
There may be a delay before changes are rolled out to the XenForo Community.
 
Top