Permissions on role
Costello80
Hello to everyone! Thanks for your support!
I've been working on the Vanilla platform for a few days. I've seen that on this platform, to ban a user you need to associate the user with the "ban" role.
I need to create a role with permission to ban users. The only permission in the dashboard I've found to do this is "edit profile".
Now this role can do this, but he can also modify the other roles and potentially give himself the admin role.
Is there a way to prevent this?
Comments
Welcome to the community!
What version number of Vanilla are you running?
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
2.0.17.9
I am not familiar with that version at all. In 2.0.18.8, the permission required is 'Garden.Users.Edit'.
I would suggest upgrading to 2.0.18.8 for security reasons.
I was wrong, it's "edit user", not "edit profile". But this allows changing roles, and this is a problem...
On 2.1b2, a user can ban with 'Garden.Moderation.Manage', 'Garden.Users.Edit', or 'Moderation.Users.Ban'.
So... your feature exists, it is just in beta.
Ok thanks!