2008-10-28, 04:40 AM
Not sure if you want to count this as a bug but the warning system has a few flaws in it's implementation. Now that I am using it at HF I see some issues.
For one I allowed my VIP group to give up to 2 warnings per day. So far that's cool BUT ...each of them can now revoke other warnings which shouldn't be. They can even revoke warnings they get for themselves.
Would be a great fix if a permission was added to revoke warnings.
Another issue I have is that when giving a warning it's required that an "Administrative Notes" is entered. I would assume if someone is clicking an existing "Warning Type" that was already prepared in admincp that a note wouldn't be needed. I setup a warning type for things like "Flaming Members" or "Cross Posting" but now I have to also type something redundant in the notes. Just a small annoyance but it makes more sense if it's optional when a warning type is already chosen.
Lastly.."Maximum Warning Points" setting effects admin and super admin. Another very minor thing but I am hoping that I can get mybb team to add more Super Admin exceptions to the system overall.
Some of these ain't full-on bugs but the revoke issue imho is. There is the option to allow groups to give others warnings...if you enable that...they now can revoke warnings even for ones they haven't issued. That priviledge should only be for Admin and Super Moderator groups imho. A check for $mybb->user['uid'] against the $warning['issuedby'] would be perfect...
Could be this:
Or something along those lines. Let me know if you are gonna pass on these checks and I will just write up some small plugins to hook there for myself. I just think some of my suggestions make sense.
Thanks.
For one I allowed my VIP group to give up to 2 warnings per day. So far that's cool BUT ...each of them can now revoke other warnings which shouldn't be. They can even revoke warnings they get for themselves.
Would be a great fix if a permission was added to revoke warnings.
Another issue I have is that when giving a warning it's required that an "Administrative Notes" is entered. I would assume if someone is clicking an existing "Warning Type" that was already prepared in admincp that a note wouldn't be needed. I setup a warning type for things like "Flaming Members" or "Cross Posting" but now I have to also type something redundant in the notes. Just a small annoyance but it makes more sense if it's optional when a warning type is already chosen.
Lastly.."Maximum Warning Points" setting effects admin and super admin. Another very minor thing but I am hoping that I can get mybb team to add more Super Admin exceptions to the system overall.
Some of these ain't full-on bugs but the revoke issue imho is. There is the option to allow groups to give others warnings...if you enable that...they now can revoke warnings even for ones they haven't issued. That priviledge should only be for Admin and Super Moderator groups imho. A check for $mybb->user['uid'] against the $warning['issuedby'] would be perfect...
// Revoke a warning
if($mybb->input['action'] == "do_revoke" && $mybb->request_method == "post")
{
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);
if($mybb->usergroup['canwarnusers'] != 1)
{
error_no_permission();
}
$query = $db->simple_select("warnings", "*", "wid='".intval($mybb->input['wid'])."'");
$warning = $db->fetch_array($query);
if(!$warning['wid'])
{
error($lang->error_invalid_warning);
}
else if($warning['daterevoked'])
{
error($lang->warning_already_revoked);
}
$user = get_user($warning['uid']);
$group_permissions = user_permissions($user['uid']);
if($group_permissions['canreceivewarnings'] != 1)
{
error($lang->error_cant_warn_group);
}
Could be this:
// Revoke a warning
if($mybb->input['action'] == "do_revoke" && $mybb->request_method == "post")
{
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);
if($mybb->usergroup['canwarnusers'] != 1)
{
error_no_permission();
}
$query = $db->simple_select("warnings", "*", "wid='".intval($mybb->input['wid'])."'");
$warning = $db->fetch_array($query);
if(!$warning['wid'])
{
error($lang->error_invalid_warning);
}
else if($warning['daterevoked'])
{
error($lang->warning_already_revoked);
}
$user = get_user($warning['uid']);
$group_permissions = user_permissions($user['uid']);
if($group_permissions['canreceivewarnings'] != 1)
{
error($lang->error_cant_warn_group);
}
if($mybb->user['uid'] != $warning['issuedby'] && $mybb->user['uid'] != '3')
{
error($lang->error_new_something);
}
Or something along those lines. Let me know if you are gonna pass on these checks and I will just write up some small plugins to hook there for myself. I just think some of my suggestions make sense.
Thanks.