users with permission (a_groupdel) can delete board system groups (group_type = 3) if they called manually url to delete a group and set groupid to a systemgroupid

acp_groups.php do not check on delete is the group a systemgroup or not, its proceeded without check, we need this check to protect additional mods with own systemgroups from the admins as a hosting project

and i mean this is bug, because in acp german stand, that system groups are not deletable

an example working acp_groups.php + = inserts

switch ($action)

193 {

194 case 'delete':

195 if (!$auth->acl_get('a_groupdel'))

196

{ 197 trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); 198 }

+ if ($group_row['group_type'] == GROUP_SPECIAL)
+
+

{ + + trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING); + + }

+
199
200 $error = group_delete($group_id, $group_row['group_name']);

201 break;