As designed "Delete all warnings" permission does not work for moderators

ivp

Affected version
2.1.7
Moderators can delete warnings and/or modify when they expire even though "Delete all warnings" permission is set to No or Never.

In src/XF/Entity/Warning.php, the functions canDelete() and canEditExpiry() include code overriding the "Delete all warnings" permission:
Code:
if ($this->warning_user_id == $visitor->user_id)
{
    return true;
}
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.1.8).

Change log:
Don't allow moderators to delete / edit warnings they have given if they have no permission to.
There may be a delay before changes are rolled out to the XenForo Community.
 
I think that this is a regression with the warning system.
Moderators are complaining that they cannot delete warnings they issued.
Giving them the delete all permission is not an option as it allows them to delete other staff's warnings.
 
Moderators can delete warnings and/or modify when they expire even though "Delete all warnings" permission is set to No or Never.

In src/XF/Entity/Warning.php, the functions canDelete() and canEditExpiry() include code overriding the "Delete all warnings" permission:
Code:
if ($this->warning_user_id == $visitor->user_id)
{
    return true;
}
On reflection we have decided to revert the changes we made as a result of this bug report.

It was always an intentional design behaviour (which perhaps dates back quite some time) that the moderators issuing a warning should be able to edit or expire it.

A number of people were relying on the original behaviour so it seems as though that is the expectation and we've restored it.
 
Can you at least provide a way to alter such behavior without changing the code, in Options or similar? Thanks.
 
Nope, this is just how it is for now.

You can open a suggestion and we’ll consider it in the future.
 
Are the changes reverted for both canDelete() and canEditExpiry() functions?

Deleting a warning leaves no trace, so a moderator can bully users and then cover his tracks.
 
Right, but deleted warnings are not visible in the front end.

Supermoderators cannot see such activity, so an administrator has to manually investigate the moderator log.
 
Moderators can view moderator log entries pertaining to a specific thread (and all the posts in it) by opening the 'Moderator actions' panel from the thread drop-down:


I guess the exception here would be warnings given to users themselves, but typically that's something I would imagine is reserved to super moderators (which would thus presumably be investigated by administrators anyways).
 
Yes. If I warn a user's post and then delete the warning, it will create two entries in the moderator log. Users with permission to manage threads in that node can view those log entries on the front-end by opening the "Moderator actions" overlay of the corresponding thread.

However, if I warn a user directly instead of warning their post (e.g. using the "Warn" button on their profile -- an action I'd imagine is reserved to super moderators), then there is no place to view the associated log entries in the front-end.
 
If a moderator issues a warning and then deletes it, a supermoderator (or an administrator) cannot see it in the list of warnings in the Warnings tab in the user's profile.
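
The concern raised in the posts above (an issuer deleting their own warning, with the moderator log as the only record) can be checked against an export of that log. The following is an added example, not part of the thread or XenForo's code; the field names, action labels and sample rows are constructed assumptions, not XenForo's actual log schema.

```python
from collections import namedtuple
from datetime import datetime

# Constructed sample rows. Field names and action labels are assumptions
# for this example, not XenForo's actual moderator log schema.
Entry = namedtuple("Entry", "ts moderator action warning_id target_user")

SAMPLE_LOG = [
    Entry("2020-01-10 09:00:00", "mod_a", "warning_issue", 101, "user_x"),
    Entry("2020-01-10 09:20:00", "mod_a", "warning_delete", 101, "user_x"),
    Entry("2020-01-11 14:00:00", "mod_b", "warning_issue", 102, "user_y"),
    Entry("2020-01-12 08:00:00", "supermod_c", "warning_delete", 102, "user_y"),
    Entry("2020-01-13 10:00:00", "mod_a", "warning_issue", 103, "user_x"),
    Entry("2020-01-13 18:30:00", "mod_a", "warning_delete", 103, "user_x"),
    Entry("2020-01-14 11:00:00", "mod_b", "warning_delete", 99, "user_z"),
]

def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def self_deleted_warnings(entries):
    """Return (findings, unmatched): warnings deleted by their own issuer,
    and deletions whose issue entry is missing from the export."""
    issued = {}  # warning_id -> issue Entry
    findings, unmatched = [], []
    for e in sorted(entries, key=lambda row: _parse(row.ts)):
        if e.action == "warning_issue":
            issued[e.warning_id] = e
        elif e.action == "warning_delete":
            origin = issued.get(e.warning_id)
            if origin is None:
                unmatched.append(e)  # issuer unknown: needs manual review
            elif origin.moderator == e.moderator:
                minutes = (_parse(e.ts) - _parse(origin.ts)).total_seconds() / 60
                findings.append({"moderator": e.moderator,
                                 "warning_id": e.warning_id,
                                 "target_user": e.target_user,
                                 "minutes_live": minutes})
    return findings, unmatched

def repeat_pairs(findings, threshold=2):
    """Moderator/target pairs with at least `threshold` self-deleted warnings."""
    counts = {}
    for f in findings:
        key = (f["moderator"], f["target_user"])
        counts[key] = counts.get(key, 0) + 1
    return {k: v for k, v in counts.items() if v >= threshold}

if __name__ == "__main__":
    found, missing = self_deleted_warnings(SAMPLE_LOG)
    print(found, missing, repeat_pairs(found))
```

Deletions by a different staff member (here the constructed `supermod_c` row) are not flagged, since those go through the "Delete all warnings" permission rather than the issuer override.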
 
This is a closed bug report. If you require support, please open a ticket or create a new thread in the appropriate forum.
 