Extending SuperAdmin Restrictions in the AdminCP


Well-known member
In the AdminCP, you can only access the Users > Administrators page if you're defined as a Super Administrator.

I'd like to restrict access to other sections of the AdminCP, so that only Super Administrators can access them as well, but I'm not familiar with how XenForo's AdminCP is put together.

Can this permission control easily be extended to other AdminCP pages with a few lines of code? Specifically, I want to block access to Users > Email Users, Users > Moderators, and Users > Batch Update Users.


OK, I think I've figured this out. This restricts Super Admin access:
I added that as the top line inside each relevant function in the file /library/XenForo/ControllerAdmin/User.php. For example:

public function actionEmail()
        /* rest of default code... */
That's the one that controls Email Users, and for Batch Update Users, it's the function actionBatchUpdate. I think the Moderators page is in another file, so I'll have to look for that tomorrow.

Of course, if you follow in my footsteps, please remember that you'll need to apply these changes every time you upgrade XenForo or else this will no longer function.

If any of you experts are reading and see something that is wrong or incorrect with this method, please comment.
Last edited: