Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
3.1.9
-
None
-
None
Description
I believe there is the following inconsistency with moderator's permissions.
Suppose moderators have a permissions to softdelete posts (m_softdelete), but not to delete posts (m_delete).
That means that they have access to delete button on each post in viewtopic, since in viewtopic.php the permission is checked this way:
$delete_allowed = $force_delete_allowed || ($user->data['is_registered'] && ( |
($auth->acl_get('m_delete', $forum_id) || ($auth->acl_get('m_softdelete', $forum_id) && $row['post_visibility'] != ITEM_DELETED)) || |
(!$s_cannot_delete && !$s_cannot_delete_lastpost && !$s_cannot_delete_time && !$s_cannot_delete_locked)
|
));
|
Meanwhile, should they need to delete many posts instead, they go to the MCP (as they used to in 3.0.x). There they can see the topic with checkboxes on each post, but there is no option in the bottom selector for them to delete marked posts (only to merge/split topics, etc). This is because in mcp_topic permissions are checked differently and m_softdelete is ignored there:
'S_CAN_DELETE' => ($auth->acl_get('m_delete', $topic_info['forum_id'])) ? true : false, |
This is inconsistent both with 3.0 behavior (with softdelete mod ofc) and with viewtopic behavior. Please consider fixing this and allowing moderators to mass soft delete messages from mcp.