As designed "Delete all warnings" permission does not work for moderators

Affected version
2.1.7

ivanp

Active member
Moderators can delete warnings and/or modify when they expire even though "Delete all warnings" permission is set to No or Never.

In src/XF/Entity/Warning.php functions canDelete() and canEditExpiry() include a code overriding "Delete all warnings" permission:
Code:
if ($this->warning_user_id == $visitor->user_id)
{
    return true;
}
 

XF Bug Bot

XenForo bug fixer bot
Staff member
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.1.8).

Change log:
Don't allow moderators to delete / edit warnings they have given if they have no permission to.
There may be a delay before changes are rolled out to the XenForo Community.
 

loulou

Member
I think that this is a regression with the warning system.
Moderators are complaining that they cannot delete warning they issued.
Giving them delete all permission is not an option as it allow them to delete other staff's warning.
 

Chris D

XenForo developer
Staff member
Moderators can delete warnings and/or modify when they expire even though "Delete all warnings" permission is set to No or Never.

In src/XF/Entity/Warning.php functions canDelete() and canEditExpiry() include a code overriding "Delete all warnings" permission:
Code:
if ($this->warning_user_id == $visitor->user_id)
{
    return true;
}
On reflection we have decided to revert the changes we made as a result of this bug report.

It was always an intentional design behaviour (which perhaps dates back quite some time) that the moderators issuing a warning should be able to edit or expire it.

A number of people were relying on the original behaviour so it seems as though that is the expectation and we've restored it.
 

ivanp

Active member
Can you at least provide a way to alter such behavior without changing the code, in Options or similar? Thanks.
 

Chris D

XenForo developer
Staff member
Nope this is just how it is for now.

You can open a suggestion and we’ll consider it in the future.
 

ivanp

Active member
Are the changes reverted for both canDelete() and canEditExpiry() functions?

Deleting warning leaves no trace, so moderator can bully users and then cover his tracks.
 

ivanp

Active member
Right, but deleted warnings are not visible in the front end.

Supermoderators cannot see such activity, so administrator has to manually investigate moderator log.
 

Jeremy P

XenForo developer
Staff member
Moderators can view moderator log entries pertaining to a specific thread (and all the posts in it) by opening the 'Moderator actions' panel from the thread drop-down:

screenshot-dRP0io.png

I guess the exception here would be warnings given to users themselves, but typically that's something I would imagine is reserved to super moderators (which would thus presumably be investigated by administrators anyways).
 

Jeremy P

XenForo developer
Staff member
Yes. If I warn a user's post and then delete the warning, it will create two entries in the moderator log. Users with permission to manage threads in that node can view those log entries on the front-end by opening the "Moderator actions" overlay of the corresponding thread.

However, if I warn a user directly instead of warning their post (eg. using the "Warn" button on their profile -- an action I'd imagine is reserved to super moderators), then there is no place to view the associated log entries in the front-end.
 

ivanp

Active member
If moderator issues a warning and then deletes it, supermoderator (nor administrator) cannot see it in the list of warnings in Warnings tab in user's profile.
 

Chris D

XenForo developer
Staff member
This is a closed bug report. If you require support, please open a ticket or create a new thread in the appropriate forum.
 
Top