Opened 5 years ago
Closed 5 years ago
#299 closed Defect (wontfix)
Admin Ban/Deletion
| Reported by: | mrose | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | Elgg 1.0 |
| Component: | Core | Version: | 1.0 |
| Severity: | major | Keywords: | Administration |
| Cc: | brettp | Difficulty: |
Description
I was experimenting with Elgg 1.0. I was playing around with the admin section and I created a new member and gave that member admin privileges. I then logged out and logged back in as that new member and was able to edit my original member's profile and even ban the original member. I think it is a bad idea to give admins the power to ban or even edit other admin's info. Just a thought....
Change History (1)
comment:1 Changed 5 years ago by marcus
- Resolution set to wontfix
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Possibly.
It would be fairly easy to add this functionality - either via overriding the delete event or better override the permissions check hook.