Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Permissons
Rockislife
New
I want to have moderators/admins of the forum be able to delete users but I don't want them to be able to delete the main root user(The user that is created when the forum is first installed). Is this possible?
0
Comments
You need to find trusted admins and mods. I believe they can't delete the superadmin but I could be wrong..
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
I fully agree that your admins and moderators shouldn't be admins and mods if you do not trust them.
But nevertheless you can restrict who can be deleted. An easy solution will not display a nice message for this, but good admins and mods shouldn't even try
This will prevent all admins from being deleted:
public function userController_beforeUserDelete_handler($sender, $args) { $roles = RoleModel::getAllDefaultRoles(); foreach ($roles[RoleModel::TYPE_ADMINISTRATOR] as $adminRole) { if (array_key_exists($adminRole, $args['UserRoleData'])) { $args['CanDelete'] = false; } } }And this will prevent that the super admin is deleted:
public function userController_beforeUserDelete_handler($sender, $args) { if ($args['TargetUser']->Admin > 0) { $args['CanDelete'] = false; } }Thank You R_J
where do i put that code?
Where do I put that
Nice R_J, but what about an admin or mod change roles on an admin so it becomes member or guest, that is the same as deletion.
Maybe the rule should include not being able to edit the admin profiles at all much less delete the person. Admins can do everything , but they should not be able to edit other admin's profiles. Or at least send a notification to the edited admin that his or her profile was edited.
It would be useful to only allow the superadmin to edit profile and role change or delete other admins but them not be able to do it to the superadmin so you don't lose access to the forum because they changed your name , role, or password as well as email.
I was burglarized a few days ago and it feels quite awful, a complete violation. It feels the same when someone hijacks your forum and shut you out.
I am surprised there is no plugin called SafeAdmin …..
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
@Rockislife you need a custom plugin for that.
Just copy any simple plugin (one that consists only of one file) and change the name of the plugin anywhere in the file name and in the copied code to your plugins name.
Then delete eveything between the first "{" and the last "}" and put the code above between those brackets. After that you only have to enable your plugin from the dashboard
@vrijvlinder you are completely right about admins being able to change user roles and then delete "former" admins without problems. But at least that wouldn't work for the super admin if he uses the snippet that checks the Admin column and not the users role.
I guess there is no such plugin like a SafeAdmin because that must have be done by backups and trustworthy co-admins
I have an addon called role protect: https://vanillaforums.org/addon/roleprotect-plugin
That lets you give admin without allowing them to add/remove specific roles.
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.