MyBB Community Forums

Full Version: Admin Permission Problem Mybb 1.8x
I am facing a disgusting problem in mybb usergroup management in 1.8x.

Create a custom user group.
Then give admin cp access to them.

Permission,
Can manage users? Yes
Can manage user groups? No


But now the users of that group are able to update any user or themselves to the super administrator group from

/admin/index.php?module=user-users&action=edit&uid=3#tab_profile

> Primary User group


How can I prevent this... How can I prevent them from updating the primary user group? Is there any option in MyBB?

Is there any way to let a group do everything... without access to 1. templates, 2. usergroups and 3. updating the primary user group?

This has always been true; if you give a user ACP access to change usergroups then they can make themselves an admin.

Short answer: if you give the ability to change usergroups then you might as well make them admin.

Super users are, as far as I know, defined in the config. So they are admins, not super users.

(2014-12-10, 03:00 PM)Leefish Wrote: This has always been true; if you give a user ACP access to change usergroups then they can make themselves an admin.

Short answer: if you give the ability to change usergroups then you might as well make them admin.

Super users are, as far as I know, defined in the config. So they are admins, not super users.

So the only option is to set the permissions:

Can manage users? No
Can manage user groups? No

Well, is there any option to protect at least one user from being banned and from having their primary user group edited?

Superadmins should be immune to this. If you have your uid in the config as a superadministrator then even other admins cannot ban you, change your usergroup, etc. (I will double check as I have been using vBulletin a lot and I know that this is definitely true in VB and I may be remembering the wrong software.)


If your purpose is that this person is a moderator and you want them to accept users into groups then why not make them a group leader and they can accept requests to join a group.

Alternatively, you could try setting custom admin permissions for a user.

Basically, on my own boards, I work on the principle that I only allow admins in the ACP and I only make people admins after I know them for a long time and have trust in that person. Be aware that if you give a moderator/admin the ability to edit templates then you should not have ZingaBurga's PHP in Templates installed/even in your plugin list if they can access plugins; rather use template conditionals.

UPDATE: I checked in my test board and that is correct; if a user is a superadmin then they can only be edited by another superadmin. Supermoderators can promote themselves if they are given access to usergroups/users.

Interesting discussion! I'd never have thought of that, so I plan to take precautions too ;-)

I have a side-question though...
mybb 1.8.4: What is the function of the Primary User Group? What does the display group do? I'm trying to troubleshoot some permission problems so I thought to give a closer look... I assume MyBB will enable access if 1 of the groups a user belongs to has that permission. Denied options are always overruled if a group matches that allows that user. If so, does Primary User Group have any effects on the effective permissions of a user? And Display User group is only cosmetic, right? Troubleshooting this: http://community.mybb.com/thread-170568-...pid1157349

Peace!

Devvie
twitter.com/devnullius

(2009-08-30, 09:00 PM)labrocca Wrote: Here is a small but very useful function for checking against a user's usergroup and additionalgroup. Great for exemptions or inclusive settings.

<snip>

Essentially this makes plugins more efficient for group checking. The traditional method only checks for usergroup and not additional groups. I don't know why MyBB doesn't have something like this already built in somewhere but I never found it.

Hope this helps some plugin authors.

Would this still be true on 1.8.x?

For the effective permissions question... I found this:
(2015-05-12, 11:38 AM)Destroy666 Wrote: If a user is in groups A, B and C and groups A and B don't have permissions to do something, but group C has, the user has permission to do it. So ticked permission in one group should override unticked permissions in other groups.

I still don't know what the Primary User Group's influence is... And if the additional user groups problem has been solved in 1.8...?
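
The merge rule quoted from Destroy666 and the self-promotion path described earlier in the thread can be checked offline with a small audit. This is an added example, not part of the thread and not MyBB code: the group ids, user records and permission keys are constructed, and applying the "one ticked group wins" rule to ACP permissions is an assumption of the model.

```python
# Constructed model of the thread's scenario; names, ids and permission keys
# are illustrative and are NOT MyBB's schema or API.
GROUPS = {
    2: {"name": "Registered", "cancp": False, "manage_users": False, "manage_groups": False},
    4: {"name": "Administrators", "cancp": True, "manage_users": True, "manage_groups": True},
    8: {"name": "Helpdesk", "cancp": True, "manage_users": True, "manage_groups": False},
    9: {"name": "Theme editors", "cancp": True, "manage_users": False, "manage_groups": False},
}
SUPER_ADMINS = {1}  # uids listed as super administrators in the config (constructed)

USERS = [
    {"uid": 1, "name": "owner", "primary": 4, "additional": []},
    {"uid": 3, "name": "helper", "primary": 8, "additional": []},
    {"uid": 5, "name": "designer", "primary": 2, "additional": [9]},
    {"uid": 7, "name": "member", "primary": 2, "additional": [8]},
]
PERM_KEYS = ("cancp", "manage_users", "manage_groups")


def effective(user, groups=GROUPS):
    """Merge permissions over primary + additional groups: one 'yes' wins."""
    gids = [user["primary"], *user["additional"]]
    return {key: any(groups[gid][key] for gid in gids) for key in PERM_KEYS}


def can_edit(actor, target, super_admins=SUPER_ADMINS):
    """ACP access plus 'manage users' lets the actor edit an account, except
    that a super admin can only be edited by another super admin."""
    perms = effective(actor)
    if not (perms["cancp"] and perms["manage_users"]):
        return False
    return target["uid"] not in super_admins or actor["uid"] in super_admins


def audit(users=USERS, super_admins=SUPER_ADMINS):
    """Names of accounts that can change their own primary group (and so reach
    an admin group) although 'manage user groups' is denied to them."""
    findings = []
    for user in users:
        if user["uid"] in super_admins:
            continue
        if can_edit(user, user) and not effective(user)["manage_groups"]:
            findings.append(user["name"])
    return findings


if __name__ == "__main__":
    print("accounts to treat as full admins:", audit())
```

In this model "member" is flagged only because of an additional group, which is the case a check on the primary group alone would miss.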