Bug #3990
closed
This is only a problem if the moderator usergroup is not Administrator or Super Administrator. So for example "Manager".
Appears to be due to the ACL function get_users_permission and its below usage.
|| ( $user_id && $userGroups && ( ! array_intersect( $userGroups, $myGidsTree ) ) )
- Target version set to CB 2.0.0
- Status changed from New to Assigned
There's no real way to fix this without breaking the usage somewhere else. Getting a list of usergroups below a user isn't easy anymore due to the changes to usergroup usage. It's due to get_groups_below_me only getting the exact groups the user belongs to then comparing.
Now that CB has proper permissions handling perhaps get_user_permission_task and get_users_permission can be upgraded to to check permissions instead of looping through and trying to check parent/child usergroup permission.
get_user_permission_task seams to already use authoriseAction, but only for admins or super admins.
- Status changed from Assigned to Rejected
Ok, looks like permissions are already working. The usergroup needs the following set to "Allow" within CB > User Management > Options > Permissions.
Access Administration Interface
Edit
The usergroup won't have access to Joomla backend so the change is safe to make. They also can't edit users above them as well so is a complete and working solution.
The reason it fails without doing this is because it falls back to the out of date method of checking parent/child usergroup relationships, which are not very compatible with Joomla 2.5/3.0.
Also available in: Atom
PDF
Updated by