1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fixed Making a member an Administrator gives them access to the Moderator Toolbar

Discussion in 'Resolved Bug Reports' started by Brogan, Nov 13, 2010.

  1. Brogan

    Brogan XenForo Moderator Staff Member

    I have all Administrator permissions set to "Default" so they can be explicitly assigned for each administrator individually.

    When I make a member an Administrator but do not add them to any additional user groups or grant any permissions, they can access the ACP (just caches and error log) but they also have access to the Moderator Toolbar so can see reported items and items in the moderation queue.
    This is despite them not being a moderator or having any moderator capabilities.

    That seems to contradict Mike's post here:
    Unless someone is specifically made a moderator then the Moderator Toolbar should not be available.
     
  2. Nasr

    Nasr Well-Known Member

    don't admins have permission to view the moderator toolbar once they are assigned to the admin group?
     
    Peggy likes this.
  3. Peggy

    Peggy Well-Known Member

    We can on my test board.
     
  4. Decent60

    Decent60 Well-Known Member

    When you put someone in the Administrator, they gain access to it via this IF statement:
    PHP:
    <xen:if is="{$visitor.is_moderator} || {$visitor.is_admin}">
        <
    xen:include template="moderator_bar" />
    <
    xen:elseif is="!{$visitor.user_id} && !{$hideLoginBar}/>
        <
    xen:include template="login_bar" />
    </
    xen:if>
    However, my test Admin could not see any reported messages or queued messages inside them but rather only access to see that bar (it doesn't even show a count). Even making him a Super Admin doesn't allow him to have access to any mod powers. You need to make them a Super Mod before that could happen. So really, the only reason they need to see it, is so that they can have access to the AdminCP and Test Permissions area.
     
  5. Peggy

    Peggy Well-Known Member

    Hmmmmm, I'm not sure I like that. IMO, an admin should have access to everything without having to be placed into an additional usergroup.
     
    Alluidh and Ranger375 like this.
  6. Ahmed

    Ahmed Well-Known Member

    True. That how it should be.
     
    Alluidh likes this.
  7. Brogan

    Brogan XenForo Moderator Staff Member

    I have a member who needs to access the ACP to be able to create Pages.

    He isn't a moderator however so should not have access to any moderator permissions or features.

    The two functions are completely separate and should remain so.
     
    Enigma likes this.
  8. Brogan

    Brogan XenForo Moderator Staff Member

    Editing that IF statement to remove the || {$visitor.is_admin} just removes the whole bar as the moderator_bar template only contains an IF statement for admin.
    Adding another IF for moderator to that template as follows fixes it:

    PHP:
            <xen:if is="{$visitor.is_moderator}">
                <
    a href="{xen:link moderation-queue}" class="moderationQueue modLink">
                    <
    span class="itemLabel">{xen:phrase moderation_queue}:</span>
                    <
    span class="itemCount {xen:if {$session.moderationCounts.total}, 'alert'}">{$session.moderationCounts.total}</span>
                </
    a>

                <
    a href="{xen:link reports}" class="reportedItems modLink">
                    <
    span class="itemLabel">{xen:phrase reported_items}:</span>
                    <
    span class="itemCount {xen:if {$session.reportCounts.total}, 'alert'}">{$session.reportCounts.total}</span>
                </
    a>
            </
    xen:if>
     
  9. g0rn

    g0rn Well-Known Member

    I agree that making member an administrator should only give him an access to the Admin CP, not to any moderator tools. If you want to give him that tools you should make him a moderator. Editing a template hides the links, but they are still able to see moderation queue and reported items if they enter the URL directly to their browser.
     
    Brogan likes this.
  10. Ahmed

    Ahmed Well-Known Member

    That can be done by setting permissions and privileges.
    Well, It does not bother me, I'm just saying that an admin should have access to all tools but could be limited to what permissions and privileges the owner of the site gives him. I mean an admin is higher than a moderator, right?
     
    Ranger375 and Peggy like this.
  11. Brogan

    Brogan XenForo Moderator Staff Member

    If a member is not a moderator then they have no moderator capabilities so the moderator toolbar should not be accessible.

    They are two completely different roles.

    I have admins who can access the ACP but who aren't moderators.
    I have moderators who can't access the ACP.
    I have members who can do both.

    This is why the permission system allows you to set the admin and moderator user group permissions to default and then explicitly grant the various permissions on an individual user basis.
     
  12. Mike

    Mike XenForo Developer Staff Member

    Fixed.
     
    Decent60, Dean and Brogan like this.
  13. DarkUnderlord

    DarkUnderlord Member

    Sorry, what permissions do I need to set to see this toolbar? I'm admin and super admin of my forum - and I have full rights over every forum to add / edit / delete posts etc... - and yet I can't see the moderator toolbar? I've added myself to the moderator group as well but still don't see it.

    Surely if you have rights over the forums, you should see the toolbar?

    EDIT: Ok, I don't get that. I had to make myself a Super Moderator as well... Which granted me permissions I already had so that I could see a toolbar. That doesn't make any sense.
     
  14. Brogan

    Brogan XenForo Moderator Staff Member

    Giving a member moderator pemissions does not make them a moderator.
    http://xenforo.com/help/moderators/

    In order to have access to all of the moderator tools and functionality, and to appear as Staff, a user must be explicitly made a moderator.

    If a user is given moderator permissions without being made a moderator, the Moderator Bar, Moderation Queue, and Reported Posts will not be accessible.
     

Share This Page