MyBB Community Forums

Not sure if you want to count this as a bug but the warning system has a few flaws in it's implementation. Now that I am using it at HF I see some issues.

For one I allowed my VIP group to give up to 2 warnings per day. So far that's cool BUT ...each of them can now revoke other warnings which shouldn't be. They can even revoke warnings they get for themselves.

Would be a great fix if a permission was added to revoke warnings.

Another issue I have is that when giving a warning it's required that an "Administrative Notes" is entered. I would assume if someone is clicking an existing "Warning Type" that was already prepared in admincp that a note wouldn't be needed. I setup a warning type for things like "Flaming Members" or "Cross Posting" but now I have to also type something redundant in the notes. Just a small annoyance but it makes more sense if it's optional when a warning type is already chosen.

Lastly.."Maximum Warning Points" setting effects admin and super admin. Another very minor thing but I am hoping that I can get mybb team to add more Super Admin exceptions to the system overall.

Some of these ain't full-on bugs but the revoke issue imho is. There is the option to allow groups to give others warnings...if you enable that...they now can revoke warnings even for ones they haven't issued. That priviledge should only be for Admin and Super Moderator groups imho. A check for $mybb->user['uid'] against the $warning['issuedby'] would be perfect...

// Revoke a warning
if($mybb->input['action'] == "do_revoke" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	if($mybb->usergroup['canwarnusers'] != 1)
	{
		error_no_permission();
	}

	$query = $db->simple_select("warnings", "*", "wid='".intval($mybb->input['wid'])."'");
	$warning = $db->fetch_array($query);

	if(!$warning['wid'])
	{
		error($lang->error_invalid_warning);
	}
	else if($warning['daterevoked'])
	{
		error($lang->warning_already_revoked);
	}

	$user = get_user($warning['uid']);

	$group_permissions = user_permissions($user['uid']);
	if($group_permissions['canreceivewarnings'] != 1)
	{
		error($lang->error_cant_warn_group);
	}

Could be this:

// Revoke a warning
if($mybb->input['action'] == "do_revoke" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	if($mybb->usergroup['canwarnusers'] != 1)
	{
		error_no_permission();
	}

	$query = $db->simple_select("warnings", "*", "wid='".intval($mybb->input['wid'])."'");
	$warning = $db->fetch_array($query);

	if(!$warning['wid'])
	{
		error($lang->error_invalid_warning);
	}
	else if($warning['daterevoked'])
	{
		error($lang->warning_already_revoked);
	}

	$user = get_user($warning['uid']);

	$group_permissions = user_permissions($user['uid']);
	if($group_permissions['canreceivewarnings'] != 1)
	{
		error($lang->error_cant_warn_group);
	}
           if($mybb->user['uid'] != $warning['issuedby'] && $mybb->user['uid'] != '3')
           {
                      error($lang->error_new_something);
           }

Or something along those lines. Let me know if you are gonna pass on these checks and I will just write up some small plugins to hook there for myself. I just think some of my suggestions make sense.

Thanks.

Please put suggestions in the suggestions forum and bug reports in their separate threads in this forum so we can properly mark each bug as fixed when we do fix it. This is also so SQA can verify each fix independently of other fixes.

Alright...then would you consider revoking of other members warnings a bug? If not then just move this whole thing to suggestions. If you do let me know and I will split this up and edit it properly to reflect that view.

Please keep in mind the Warning system was created as a system for forum staff to deal out punishments to other users. As such, obviously Admins should have permission to revoke any warning whether or not they created it.

You're pretty much using it as a reputation system now, which wasn't the intent of the system.

Yeah I sort of understand Dennis but you did give the ability for any group to leave warnings. And my intent isn't to make it a reputation system but to extend moderator abilities to an extent to my VIP group. This allows them to moderate each other.

I agree that Admins should have this ability but so does anyone give the ability to give warnings. Even if you had a one-forum moderator they could go in and revoke warnings too. I gotta assume that's not your intentions either.

If you guys gonna pass on this as a bug I will just use the hook that's there and deal with it myself. I just think adding one extra group permission for "can revoke others warnings" is a great solution.

So I am just curious if I should bother with a plugin or will this make it into bug fixes next maintenance release?

(2008-10-28, 10:03 PM)labrocca Wrote: [ -> ]Yeah I sort of understand Dennis but you did give the ability for any group to leave warnings.

If we didn't have that feature, then people would be upset when they cannot disable warning-giving abilities to Super-moderators or Moderators (for whatever reason).

(2008-10-28, 10:03 PM)labrocca Wrote: [ -> ]I agree that Admins should have this ability but so does anyone give the ability to give warnings. Even if you had a one-forum moderator they could go in and revoke warnings too. I gotta assume that's not your intentions either.

I don't see why that's a problem. Revoked warnings are still saved in the database, and in any case the staff on the forum should be people you trust.

(2008-10-28, 10:03 PM)labrocca Wrote: [ -> ]So I am just curious if I should bother with a plugin or will this make it into bug fixes next maintenance release?

As this requires an additional permission to be created, I doubt it will make it into a maintenance release.

Alright I will just solve this myself.

Quote:If we didn't have that feature, then people would be upset when they cannot disable warning-giving abilities to Super-moderators or Moderators (for whatever reason).

But you might not want to allow Super Moderators to revoke warnings they didn't originally give either. I know if I was a Super Mod and another Super Mod revoked my warning that would piss me off. Only admins imho should have full rights to give and revoke as they please.

Quote: and in any case the staff on the forum should be people you trust.

My VIP group isn't staff. The warning system serves as a middle ground between moderator permissions and reported posts. I allow my VIP group (well over 100 members) to warn others on certain violations and only so many per day (currently 2). Now if a new member builds up enough warning points and reach a certain level (50%) then they have restricted access.

That works great for creating a self moderated site where members can assist finding problems. It's AWESOME. So far the only problem was that people could revoke their own warnings and others that they didn't give. Imagine members who have the ability to give a reputation can also delete them too. It just doesn't make sense in practice.

You're viewing the warning system as something ONLY moderators can have. Yet you have given the right to ANY group that is given permission and is NOT moderators. That's cool. It's very useful but imho you guys overlooked one thing. It's easy to do because maybe you don't use things as much as I do. I actually use a lot of the features of mybb and I use them often. This doesn't mean you have to cater to me but I hope my suggestion is thought out.

Thanks Dennis for the replies.