• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Not a bug Possible to accidentally delete staff accounts

Affected version
1.5.17

NixFifty

Well-known member
#1
If you move a staff account to the "Awaiting approval" user state and then reject them from the approval queue, their account will be irreversibly deleted.

This could definitely be chalked up to being the expected behaviour but I don't believe it should be possible to add a user to this user state if they're staff.
 

Chris D

XenForo developer
Staff member
#2
I don’t particularly see a need to make any changes here. There may be valid reasons for adding a staff member to this state, such as to temporarily disable their account for some reason, especially if there’s a suspicion it has been accessed by a third party or similar.

We can say it’s sort of fixed by proxy in XF2 as rejecting a user no longer irreversibly deletes the user, instead it just marks them as rejected. So all things considered, I think that’s sufficient.
 

NixFifty

Well-known member
#3
I don’t particularly see a need to make any changes here. There may be valid reasons for adding a staff member to this state, such as to temporarily disable their account for some reason, especially if there’s a suspicion it has been accessed by a third party or similar.
This was the case until another admin came along and emptied a mile long approval queue. Definitely user error (for not paying enough attention to what was being rejected) but I think it should be made a little more difficult to do that.
 

Chris D

XenForo developer
Staff member
#4
We’ve done that for XF2, there isn’t really a viable way in XF1 that we’d add at this stage.
 

Chris D

XenForo developer
Staff member
#5
As a workaround you can use any other state apart from Valid for a similar effect. Anything that isn’t valid will give the user the same permission set as guests.
 

NixFifty

Well-known member
#6
As a workaround you can use any other state apart from Valid for a similar effect. Anything that isn’t valid will give the user the same permission set as guests.
Sadly, the admins that did this weren't aware but, luckily, I have backups. :)