Group membership moderators

Group membership moderators 2.2.1

No permission to download
Overview FAQ Updates (10) Reviews (7) History Discussion
Mr. Jinx updated Group Membership Moderators with a new update entry:

[2.1.1a] New feature + bugfixes

  • New feature: It is now possible to assign a group of members as 'group moderators'
  • Bugfix: Creating a new group and adding a group moderator at the same time would result in an error.
  • Bugfix: Better cleanup when removing a group with group moderators assigned. This would result in some problems.
View attachment 200643

Warning: Always make a backup and test before installing this on a production forum.
Click to expand...

Read the rest of this update entry...
 
Mr. Jinx said:
I have not heard of this problem before, so probably some incompatibility between this addon and 'Colored Username Everywhere'.
Click to expand...

I disabled that addon, and I'm still having the same issue. Banners are applied, username CSS is not. Username CSS works if I manually add the user to the group through the admin panel.
 
That is up to you, you can make it as complex as you like.

Example 1:
200804
In this example, all members from the group 'Group moderators' can add/remove users from the group 'Test'.
Group mods can remove them self (or other mods) as a member from the 'Test' group, but they will keep the groupmod role.

Example 2:
200805
If you would add 'Group moderators' the right to manage it's own group, then the group moderators can add/remove others as groupmod. So this might be a bit dangerous :)
 
if you change ID from url you can access to another group whitelist
I remove this addon fast from my forum and get money back
 
Last edited:
Thanks for the report @Chipie678 , working on it. And money back is no problem.
Although I really would have appreciated it even more if you would have first contacted me personally about this.

In the mean time, I suggest anyone who has concerns to temporarily disable the add-on until a fix is provided.
 
Mr. Jinx updated Group Membership Moderators with a new update entry:

[2.1.3] Important Security Update

!!! IMPORTANT SECURITY UPDATE !!!

This update fixes a security issue discovered today. An unauthorized user could manage groups by using direct URL's used by this add-on. Normally a user won't know these URL's, but this could potentially be abused.

Warning: This is a hotfix which fixes the security issue immediately, but it has another known issue. If you do not or can not install this hotfix right now then you are advised to DISABLE the add-on until the final fix is ready...
Click to expand...

Read the rest of this update entry...
 
Mr. Jinx said:
Mr. Jinx updated Group Membership Moderators with a new update entry:

[2.1.3] Important Security Update



Read the rest of this update entry...
Click to expand...
Thank you for resolving this security issue so quickly! Highly recommending this addon to anyone that's considering it.

I really hope for a feature that makes it possible to "catagorize" usergroups. So lets say you have administrators and VIP's:

The way Xenforo currently works is that you can either show all usergroups or show one usergroup. So if someone is lead administrator, they probably also have junior administrator etc as usergroup. But if they're also VIP, and there's different VIP ranks (e.g bronze, silver, gold) and they're gold, then you either have to show all those usergroups or just 1. Admin would obviously be above VIP in this case, so nobody would see that a player is VIP as well.

I'm hoping that you can make it possible to catagorize usergroups so group 1 is administrative, group 2 is VIP, group 3 is for this faction, etc. And then you can display 3 UGs instead of dozens if the rank structure is set up that way.

Visualization incase I haven't explained it properly:

Lead Admin
General Admin
Junior Admin
Gold Vip
Silver Vip
Bronze Vip

Becomes:
Lead Admin
Gold Vip

two seperate categories for display ^^
 
Mr. Jinx said:
Thanks for the report @Chipie678 , working on it. And money back is no problem.
Although I really would have appreciated it even more if you would have first contacted me personally about this.

In the mean time, I suggest anyone who has concerns to temporarily disable the add-on until a fix is provided.
Click to expand...

Hello ,

I would already like to apologize for reacting so it is a very useful function and I need on my forum
After discovering this and a bit angry at having bought an addon with such a big loophole and I directly created a paypal dispute

I will probably bought the addon because this one is interesting

Thank you for solving this problem quickly


Arnaud
 
Mr. Jinx said:
Mr. Jinx updated Group Membership Moderators with a new update entry:

[2.1.3] Important Security Update
Read the rest of this update entry...
Click to expand...
Thanks for getting on the fix. I hope it's released sooner rather than later.
Speaking of which ... I'm confused. I tried to download in order to test the add-on and there seems to be a download loop issue with no download. I'm also confused, as I don't see a price listed, but I see that there was a 'sale' of it back in April. Is the add-on a paid-on or free? And perhaps with the recent security issue discovery being fixed - is it why there's no download available?

Apologies for stupid questions ==> But inquiring mind wants to know LOL.

I would very much be interested in this - especially when the security issue if fixed.
Thanks,

J.
 
Stefhan said:
I really hope for a feature that makes it possible to "catagorize" usergroups. So lets say you have administrators and VIP's:
Click to expand...
Thanks for your suggestions Stefhan. At this point I don't think there will be any new features soon but when there is time, who knows. I'll put it on the wish list anyway.

Chipie678 said:
After discovering this and a bit angry at having bought an addon with such a big loophole and I directly created a paypal dispute
Click to expand...
No problem Chipie678, I might have reacted the same in your situation. We are still very glad that you reported this nasty bug.
A little background: Ofcourse security is build in to prevent unauthorized users to access those URL's. However the function that handles the permissions contained a very small error with very big impact. By fixing this bug, we discovered another issue. This issue in non-security related but is still being worked on. @NixFifty was so kind to help me with this. 🙏

JacquiiDesigns said:
And perhaps with the recent security issue discovery being fixed - is it why there's no download available?
Click to expand...
Exactly. Although the security issue has been fixed, we discovered another issue which is not security related. Once this is fixed and everything has been tested the add-on can be purchased again. It is a paid add-on.
 
Very cool that this is now free for all - I'd been considering this add-on for a little bit but wasn't sure it'd be necessary enough for my community to justify the purchase.
A couple questions:
1) Is there a way to tip you for your add-ons?
2) Does the free for all designation make future maintenance updates less likely?
 
All the add-on's I have published over here are in use on my own site. As long as I use them, they should be maintained :)
If for some reason I can't maintain this, then I will try to hand it over to someone else who can.
Good idea about tipping, I added a donation button!
 
You must log in or register to reply here.

Similar threads

Saarbruecken
  • Question Question
View IP-Addresses permission for non Super-Moderators
Replies
10
Views
803
Saarbruecken
Saarbruecken
spicer
  • Question Question
XF 2.2 How to change group membership?
Replies
12
Views
541
Paul B
P
Joe Link
Add-on Separate news feed for moderators to monitor "problem members"
Replies
9
Views
675
Noobz347
Noobz347
Joao Prates
  • Question Question
XF 2.2 How to allow moderators to edit user's secondary group
Replies
8
Views
1K
Joao Prates
Joao Prates
Stuart Wright
Do members treat 'normal' posts by moderators with more gravitas than they should do?
2
Replies
20
Views
2K
Paul B
P
Back
Top Bottom