MyBB

linguist · 2019-01-24, 12:09 PM

Dear all,
i have created a "protected" user group for certain accounts that should not be able to be deleted from ACP. (Banning/warning them is ok). Which files do I have to modify - and how - to make sure that accounts with the primary usergroup "protected" (id #26) can not be deleted by the "delete user" functions in the Admin CP?

(I am aware that one can still remove them directly in the data base, but that is beside the point here.)

Serpius · 2019-01-24, 12:20 PM

(2019-01-24, 12:09 PM)linguist Wrote: Dear all,
i have created a "protected" user group for certain accounts that should not be able to be deleted from ACP. (Banning/warning them is ok). Which files do I have to modify - and how - to make sure that accounts with the primary usergroup "protected" (id #26) can not be deleted by the "delete user" functions in the Admin CP?

(I am aware that one can still remove them directly in the data base, but that is beside the point here.)

That sounds like Admin Permissions. I think you can modify the permissions as shown in the screenshot.

[Image: 773b5e4892e9c9ab7a11850f12196ca1.png]

[Image: 773b5e4892e9c9ab7a11850f12196ca1.png]

linguist · 2019-01-25, 08:13 PM

*sigh* Did you even read my question?

I want to make it so that one particular group (primary group) can not be deleted by those who do have the general permission to delete users.

Ben · 2019-01-25, 08:48 PM

Give this plugin a shot: https://community.mybb.com/mods.php?action=view&pid=391

Omar G. · 2019-01-25, 08:50 PM

You can check the super admin setting in inc/config.php, I recall super admins can't be deleted, so you only need to find for such setting within the files and add your additional exceptions along it.

Serpius · 2019-01-26, 12:54 AM

(2019-01-25, 08:13 PM)linguist Wrote: *sigh* Did you even read my question?

I want to make it so that one particular group (primary group) can not be deleted by those who do have the general permission to delete users.

Being salty to someone who is trying to assist you is not a good idea.

Have a nice day.

linguist · 2019-01-26, 09:33 AM

(2019-01-26, 12:54 AM)Serpius Wrote: Being salty to someone who is trying to assist you is not a good idea.

Have a nice day.

Assuming that I don't know where to find ACP settings is not a god idea either. I'm not a rookie who installed mybb just yesterday.

(2019-01-25, 08:48 PM)Ben Wrote: Give this plugin a shot: https://community.mybb.com/mods.php?action=view&pid=391

I know of that plugin. But that is not what I mean, either. The protected group should not be up the hierarchy so that no one can moderate their posts or warn or ban them etc. It's only about (not) deleting their accounts.

(2019-01-25, 08:50 PM)Omar G. Wrote: You can check the super admin setting in inc/config.php, I recall super admins can't be deleted, so you only need to find for such setting within the files and add your additional exceptions along it.

Yes, but that setting is based on user IDs not group ID, so it'd be a bit tedious for a user group with dozens of members. Or it would be a core edit elsewhere to accept group ID instead of user ID as input. Furthermore, the protected group should not have admin rights.

I was thinking along the lines of modifying /{admin-cp}/modules/user/users.php but idk how.

doylecc · 2019-01-26, 10:44 AM

You could also add the group to the function that prevents deleting a super admin.
It's in inc/datahandlers/user.php:

foreach($this->delete_uids as $key => $uid)
{
    if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
    {
        // Remove super admins
        unset($this->delete_uids[$key]);
    }
}

add the "protected" group (id 26):

foreach($this->delete_uids as $key => $uid)
{
    if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'] || is_member(26, $uid))
    {
        // Remove super admins and protected group
        unset($this->delete_uids[$key]);
    }
}

linguist · (This post was last modified: 2019-01-26, 11:42 AM by linguist.)

OK. Tried that and successfully deleted a test account. Sad

Correct me if i'm wrong, but does this line in /{admin-cp}/modules/user/users.php (line 1733 for me)

	if(is_super_admin($mybb->input['uid']) && $mybb->user['uid'] != $mybb->input['uid'] && !is_super_admin($mybb->user['uid']))

allow a super admin to delete themselves? That'd be .... odd.

I thought a check for the "undeletable" group might work here perhaps.

Omar G. · (This post was last modified: 2019-01-26, 06:36 PM by Omar G..)

(2019-01-26, 11:23 AM)linguist Wrote: allow a super admin to delete themselves? That'd be .... odd.

Probably, tho the check inside the delete_user method is ran later.

(2019-01-26, 11:23 AM)linguist Wrote: I thought a check for the "undeletable" group might work here perhaps.

You have already been told what to edit. If you want a plugin, you just need to hook to datahandler_user_delete_start. Otherwise, add your check before $plugins->run_hooks('datahandler_user_delete_start', $this); in the /inc/datahandlers/user.php file. Something around the lines of (could be better):

		defined('PROTECTED_GROUPS') or define('PROTECTED_GROUPS', '4,187');

		foreach($this->delete_uids as $key => $uid)
		{
			$user = get_user($uid);

			if(is_member(PROTECTED_GROUPS, $user))
			{
				unset($this->delete_uids[$key]);
			}
		}

Login
Username:
Password:	Lost Password?
	Remember me