LeaderI think its enough that moderators can suspend an account. A moderator therefor should not be able to delete an account or change profile details. Leave that duty to the admin to do. So i will be looking into how to remove the delete button from the list of options from the moderators view.
Allowing these features (edit and delete) should be an admin option and maybe in 1.6 it will be.
Leaderso here is the current code for delete user.. (abbreviated of course for example purposes)
public function deleteUser( $params )
{
if ( !OW::getRequest()->isAjax() )
{
throw new Redirect404Exception();
}
$userId = (int) $params['user-id'];
$user = BOL_UserService::getInstance()->findUserById($userId);
if ( $user === null || !OW::getUser()->isAuthorized('base') )
{
i have not decided if its better to attack this from here and change isAuthorized('base') to isAdmin (moderators have base permissions) which would keep moderators from deleting but they would still have the button im sure and it would just give them an error when they clicked it
unless i just take base permission away but then that would affect other things they should be able to do.
i think its probably better to attack this both ways, here and also in the html display of buttons (which i have not found that file yet)
What do you team members think you think this should be a core change as well.
if we need to move this to code changes area team thats fine.
Leaderhere is my change to that and it does work and the moderators will get the message that they do not have permission, but they will get the button and they will get the confirm delete message but then they get the no permission message.
in ow_system_plugins/base/controllers/user.php
public function deleteUser( $params )
{
if ( !OW::getRequest()->isAjax() )
{
throw new Redirect404Exception();
}
$userId = (int) $params['user-id'];
$user = BOL_UserService::getInstance()->findUserById($userId);
//changed to only allow admin to delete
//old code
// if ( $user === null || !OW::getUser()->isAuthorized('base') )
if ( $user === null || !OW::getUser()->isAdmin() )
{
//added message
exit(json_encode(array(
'message' => 'Sorry but only Admin can delete users - no permission',
'result' => 'error'
)));
}
now to find the button... yes i know core changes are not recommended but i am hoping that when the team sees this they will make this a core change.
Leaderwell the button is a bit more complicated and not in my expertise level. i found the php and the html file its profile_action_toolbar but after looking at both the php and the html and the db it appears there is just not an option to isolate and remove the delete button (unless you want to remove base permissions which is not what we want). Meaning that the button shows up due to being included in a general permission solution and not any code specific enough to say "this is the permission to show del button" or not. There is a foreach process that could be added to in order to grab the value of the button i guess and check if not admin then next foreach and include that in the array.
So basically any moderator with base permission will see this button and it would have to be a new extensive core change to isolate the actual delete button (permission itself). I could be wrong but that is what i see is happening.
So we are left with just doing the code above i guess and letting them click the button to get the message.
Team your thoughts please :)
LeaderNow for part 2 the edit profile issue.
very simple its in ow_system_plugins/base/components/user_view_widget.php
and the function is
public function __construct( BASE_CLASS_WidgetParameter $params )
{
find this part
if ( ( OW::getUser()->isAdmin() || OW::getUser()->isAuthorized('base') ) )
{
$adminMode = true;
$questions = $questionService->findAllQuestionsForAccountType($accountType);
}
and change it like so
//changed to not allow moderators to edit profiles
//old code
// if ( ( OW::getUser()->isAdmin() || OW::getUser()->isAuthorized('base') ) )
if ( ( OW::getUser()->isAdmin() ) )
{
$adminMode = true;
$questions = $questionService->findAllQuestionsForAccountType($accountType);
}
again another good idea for core change IMO
LeaderI agree, but what would that situation be, i kept asking myself, why would they need to and i could not come up with a reason. I think deleting accounts, editing profiles, and even changing roles should be added the the base permissions list in admin.
Did you know that a moderator can change their own role to make it admin.
Leader
Team
Now for part 2 the edit profile issue. very simple its in ow_system_plugins/base/components/user_view_widget.php and the function is public function __construct( BASE_CLASS_WidgetParameter $params ) { find this part if ( ( OW::getUser()->isAdmin() || OW::getUser()->isAuthorized('base') ) ) { $adminMode = true; $questions = $questionService->findAllQuestionsForAccountType($accountType); } and change it like so //changed to not allow moderators to edit profiles //old code // if ( ( OW::getUser()->isAdmin() || OW::getUser()->isAuthorized('base') ) ) if ( ( OW::getUser()->isAdmin() ) ) { $adminMode = true; $questions = $questionService->findAllQuestionsForAccountType($accountType); } again another good idea for core change IMO
Moderator
ALLOWED:
-SUSPEND USER
-CHANGE ROLE ON USER PROFILE STATUS
-PRIVACY & PERMISSIONS
.GLOBAL PRIVACY <----not allowed
.ROLES <----not allowed
.MODERATORS <---- only this option are allowed to Moderator i assign as " ADMIN " so the moderator admin can assign another moderator or admin, and they cannot access DASHBOARD setting or change my default setting on themes, plugin etc.
DON'T ALLOWED FOR "MODERATOR ADMIN" AND " MODERATOR"
-DELETE USER
-CUSTOMIZE THIS PAGE
-PLUGIN, APPEARANCE
-PRIVACY & PERMISSIONS
-SETTINGS
-USER
-DASHBOARD
ETC.
can you help me how to do this? ^_^ Thank you so much
LeaderI have not worked that up, i dont really plan on that. Why not let them suspend accounts you can always unsuspend them if you disagree, it is better to have them make a mistake and suspend and learn how and when, than to risk a troublemaker causing drama or worse damaging your site.
If you are going to take away the good stuff then first they are nothing more than normal members with a fancy logo on their picture and you just frustrate them when trouble comes knocking because a powerless MOD is laughed at by everyone IMO..
. Can change user role on profile
. Can delete / suspend & unsuspend user . Can approve / disapprove user
. Can Delete Content like comment, video etc. . With admin dashboard and can edit content like video, photo etc. . And more....
. etc.
- COADMIN
. Can add / remove moderator . Can change user role on profile
. Suspend & unsuspend user . Can approve / disapprove user
. Can Delete Content like comment, video etc.
. withouth admin dashboard but can edit content like video, photo etc. . etc.
- MODERATOR . Can approve / disapprove user
. Can Delete Content like comment, video etc.
------------------------------------------------------------
I think more moderators on our website is better but limited what they can do..,
This feature is helping site owner and fell free for anything else without any trouble,
LeaderI will update this due to 1.6 being slightly different for one file
below is how the mod code looks with the old code commented out.
ow_system_plugins/base/controllers/user.php
inside of function deleteUser around line 378 about 3/4 down the page
//changed only to allow admin to delete users
//old code
// if ( $user === null || !OW::getUser()->isAuthorized('base') )
if ( $user === null || !OW::getUser()->isAdmin() )
{
//added message
exit(json_encode(array(
'message' => 'Sorry but only Admin can delete users - no permission',
'result' => 'error'
)));
}
if you only want admin to edit profiles
ow_system_plugins/base/components/user_view_widget.php
inside of function __construct on about line 40
//orig code
// $adminMode = OW::getUser()->isAdmin() || OW::getUser()->isAuthorized('base');
// mod to only allow admin to edit profiles
$adminMode = OW::getUser()->isAdmin();
good luck :)
