Jump to the post that solved this thread.
Solved: 2 Years, 8 Months, 3 Weeks ago How can i protect members of one group from being deleted?
#1
Solved: 2 Years, 8 Months, 3 Weeks ago
Dear all,
i have created a "protected" user group for certain accounts that should not be able to be deleted from ACP. (Banning/warning them is ok). Which files do I have to modify - and how - to make sure that accounts with the primary usergroup "protected" (id #26) can not be deleted by the "delete user" functions in the Admin CP? 

(I am aware that one can still remove them directly in the data base, but that is beside the point here.)
Reply
#2
Solved: 2 Years, 8 Months, 3 Weeks ago
(2019-01-24, 12:09 PM)linguist Wrote: Dear all,
i have created a "protected" user group for certain accounts that should not be able to be deleted from ACP. (Banning/warning them is ok). Which files do I have to modify - and how - to make sure that accounts with the primary usergroup "protected" (id #26) can not be deleted by the "delete user" functions in the Admin CP? 

(I am aware that one can still remove them directly in the data base, but that is beside the point here.)

That sounds like Admin Permissions. I think you can modify the permissions as shown in the screenshot.

[Image: 773b5e4892e9c9ab7a11850f12196ca1.png]
I'm Serpius and You're Not    ¯\_(ツ)_/¯
LUXOR FORUMS
Reply
#3
Solved: 2 Years, 8 Months, 3 Weeks ago
*sigh* Did you even read my question?

I want to make it so that one particular group (primary group) can not be deleted by those who do have the general permission to delete users.
Reply
#4
Solved: 2 Years, 8 Months, 3 Weeks ago
Give this plugin a shot: https://community.mybb.com/mods.php?action=view&pid=391
-Ben

Please do not PM me for support. I am looking to be hired for paid services.

You can view my paid services here.
Reply
#5
Solved: 2 Years, 8 Months, 3 Weeks ago
You can check the super admin setting in inc/config.php, I recall super admins can't be deleted, so you only need to find for such setting within the files and add your additional exceptions along it.
Reply
#6
Solved: 2 Years, 8 Months, 3 Weeks ago
(2019-01-25, 08:13 PM)linguist Wrote: *sigh* Did you even read my question?

I want to make it so that one particular group (primary group) can not be deleted by those who do have the general permission to delete users.

Being salty to someone who is trying to assist you is not a good idea.

Have a nice day.
I'm Serpius and You're Not    ¯\_(ツ)_/¯
LUXOR FORUMS
Reply
#7
Solved: 2 Years, 8 Months, 3 Weeks ago
(2019-01-26, 12:54 AM)Serpius Wrote: Being salty to someone who is trying to assist you is not a good idea.

Have a nice day.

Assuming that I don't know where to find ACP settings is not a god idea either. I'm not a rookie who installed mybb just yesterday.


(2019-01-25, 08:48 PM)Ben Wrote: Give this plugin a shot: https://community.mybb.com/mods.php?action=view&pid=391

I know of that plugin. But that is not what I mean, either. The protected group should not be up the hierarchy so that no one can moderate their posts or warn or ban them etc. It's only about (not) deleting their accounts.




(2019-01-25, 08:50 PM)Omar G. Wrote: You can check the super admin setting in inc/config.php, I recall super admins can't be deleted, so you only need to find for such setting within the files and add your additional exceptions along it.

Yes, but that setting is based on user IDs not group ID, so it'd be a bit tedious for a user group with dozens of members. Or it would be a core edit elsewhere to accept group ID instead of user ID as input. Furthermore, the protected group should not have admin rights.

I was thinking along the lines of modifying /{admin-cp}/modules/user/users.php but idk how.
Reply
#8
Solved: 2 Years, 8 Months, 3 Weeks ago
You could also add the group to the function that prevents deleting a super admin.
It's in inc/datahandlers/user.php:
foreach($this->delete_uids as $key => $uid)
{
    if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
    {
        // Remove super admins
        unset($this->delete_uids[$key]);
    }
}

add the "protected" group (id 26):
foreach($this->delete_uids as $key => $uid)
{
    if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'] || is_member(26, $uid))
    {
        // Remove super admins and protected group
        unset($this->delete_uids[$key]);
    }
}
Reply
#9
Solved: 2 Years, 8 Months, 3 Weeks ago
OK. Tried that and successfully deleted a test account. Sad

Correct me if i'm wrong, but does this line in  /{admin-cp}/modules/user/users.php (line 1733 for me) 

	if(is_super_admin($mybb->input['uid']) && $mybb->user['uid'] != $mybb->input['uid'] && !is_super_admin($mybb->user['uid']))

allow a super admin to delete themselves? That'd be .... odd. 

I thought a check for the "undeletable" group might work here perhaps.
Reply
#10
Solved: 2 Years, 8 Months, 3 Weeks ago
(2019-01-26, 11:23 AM)linguist Wrote: allow a super admin to delete themselves? That'd be .... odd.

Probably, tho the check inside the delete_user method is ran later.

(2019-01-26, 11:23 AM)linguist Wrote: I thought a check for the "undeletable" group might work here perhaps.

You have already been told what to edit. If you want a plugin, you just need to hook to datahandler_user_delete_start. Otherwise, add your check before $plugins->run_hooks('datahandler_user_delete_start', $this); in the /inc/datahandlers/user.php file. Something around the lines of (could be better):
		defined('PROTECTED_GROUPS') or define('PROTECTED_GROUPS', '4,187');

		foreach($this->delete_uids as $key => $uid)
		{
			$user = get_user($uid);

			if(is_member(PROTECTED_GROUPS, $user))
			{
				unset($this->delete_uids[$key]);
			}
		}
Reply
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)