• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Fixed  Making a member an Administrator gives them access to the Moderator Toolbar

Brogan

XenForo moderator
Staff member
#1
I have all Administrator permissions set to "Default" so they can be explicitly assigned for each administrator individually.

When I make a member an Administrator but do not add them to any additional user groups or grant any permissions, they can access the ACP (just caches and error log) but they also have access to the Moderator Toolbar so can see reported items and items in the moderation queue.
This is despite them not being a moderator or having any moderator capabilities.

That seems to contradict Mike's post here:
That's part of the "moderator toolbar", so it's only shown to people that are actually moderators. That's not changable at this time.
Unless someone is specifically made a moderator then the Moderator Toolbar should not be available.
 

Decent60

Well-known member
#4
When you put someone in the Administrator, they gain access to it via this IF statement:
PHP:
<xen:if is="{$visitor.is_moderator} || {$visitor.is_admin}">
    <xen:include template="moderator_bar" />
<xen:elseif is="!{$visitor.user_id} && !{$hideLoginBar}" />
    <xen:include template="login_bar" />
</xen:if>
However, my test Admin could not see any reported messages or queued messages inside them but rather only access to see that bar (it doesn't even show a count). Even making him a Super Admin doesn't allow him to have access to any mod powers. You need to make them a Super Mod before that could happen. So really, the only reason they need to see it, is so that they can have access to the AdminCP and Test Permissions area.
 

Brogan

XenForo moderator
Staff member
#7
I have a member who needs to access the ACP to be able to create Pages.

He isn't a moderator however so should not have access to any moderator permissions or features.

The two functions are completely separate and should remain so.
 

Brogan

XenForo moderator
Staff member
#8
When you put someone in the Administrator, they gain access to it via this IF statement:
Editing that IF statement to remove the || {$visitor.is_admin} just removes the whole bar as the moderator_bar template only contains an IF statement for admin.
Adding another IF for moderator to that template as follows fixes it:

PHP:
        <xen:if is="{$visitor.is_moderator}">
            <a href="{xen:link moderation-queue}" class="moderationQueue modLink">
                <span class="itemLabel">{xen:phrase moderation_queue}:</span>
                <span class="itemCount {xen:if {$session.moderationCounts.total}, 'alert'}">{$session.moderationCounts.total}</span>
            </a>

            <a href="{xen:link reports}" class="reportedItems modLink">
                <span class="itemLabel">{xen:phrase reported_items}:</span>
                <span class="itemCount {xen:if {$session.reportCounts.total}, 'alert'}">{$session.reportCounts.total}</span>
            </a>
        </xen:if>
 

g0rn

Well-known member
#9
I agree that making member an administrator should only give him an access to the Admin CP, not to any moderator tools. If you want to give him that tools you should make him a moderator. Editing a template hides the links, but they are still able to see moderation queue and reported items if they enter the URL directly to their browser.
 

Ahmed

Well-known member
#10
I have a member who needs to access the ACP to be able to create Pages.

He isn't a moderator however so should not have access to any moderator permissions or features.

The two functions are completely separate and should remain so.
That can be done by setting permissions and privileges.
Well, It does not bother me, I'm just saying that an admin should have access to all tools but could be limited to what permissions and privileges the owner of the site gives him. I mean an admin is higher than a moderator, right?
 

Brogan

XenForo moderator
Staff member
#11
That can be done by setting permissions and privileges.
If a member is not a moderator then they have no moderator capabilities so the moderator toolbar should not be accessible.

I mean an admin is higher than a moderator, right?
They are two completely different roles.

I have admins who can access the ACP but who aren't moderators.
I have moderators who can't access the ACP.
I have members who can do both.

This is why the permission system allows you to set the admin and moderator user group permissions to default and then explicitly grant the various permissions on an individual user basis.
 
#13
Sorry, what permissions do I need to set to see this toolbar? I'm admin and super admin of my forum - and I have full rights over every forum to add / edit / delete posts etc... - and yet I can't see the moderator toolbar? I've added myself to the moderator group as well but still don't see it.

Surely if you have rights over the forums, you should see the toolbar?

EDIT: Ok, I don't get that. I had to make myself a Super Moderator as well... Which granted me permissions I already had so that I could see a toolbar. That doesn't make any sense.
 

Brogan

XenForo moderator
Staff member
#14
That doesn't make any sense.
Giving a member moderator pemissions does not make them a moderator.
http://xenforo.com/help/moderators/

In order to have access to all of the moderator tools and functionality, and to appear as Staff, a user must be explicitly made a moderator.

If a user is given moderator permissions without being made a moderator, the Moderator Bar, Moderation Queue, and Reported Posts will not be accessible.