Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-14057

A moderator with the permission "Can approve and restore posts" can delete posts too.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Resolved
    • Icon: Major Major
    • None
    • 3.1.5
    • None

      If a moderator has a permission to disapprove posts in a forum, he can remove absolutely any posts in that forum.
      It is because the current trash bin system uses approval/disapproval functions. So the "disapprove post" feature lets a moderator remove any posts if he has the permission "Can approve and restore posts".

      That moderator also has full access to the forum's trash bin and can delete and restore posts from there.

      I think that any permanent post deletions should be forbidden if the moderator does not have the permission "Can permanently delete posts".

      The fix here simply makes some links hidden, but does not remove the possibility.

            Marc Marc
            LavIgor LavIgor [X] (Inactive)
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: