MyBB

Imad Jomaa · 2009-04-07, 07:47 PM

I can't reproduce this. Does your account have a secondary group associated with it?

Scoutie44 · 2009-04-08, 01:15 AM

Users with administrative permissions can use the 'Quick Edit' to edit a post in a locked forum, however the 'Full Edit' produces a 'Permission Denied' error. However, when users attempt to edit one of their posts in a locked forum with the 'Quick Edit', they too receive an error.

The admin permissions for Quick editing obviously aren't checked when a forum is locked.

Imad Jomaa · 2009-04-08, 05:00 AM

An admin is suppose to edit a locked thread. When I tested this, I was able to edit the post in the quick edit and full edit.

Answer my question below:

(2009-04-07, 07:47 PM)Imad Jomaa Wrote: IDoes your account have a secondary group associated with it?

Troll · (This post was last modified: 2009-04-08, 12:02 PM by Troll.)

A locked thread and a thread in a locked forum are not the same thing Imad Jomaa !

And no, I've no secondary group associated with my account.

If you looked the PHP code posted on first page, you saw that usergroup, secondary group etc... won't change anything to the MyBB's response.
If forum is closed, Mybb will answer "Permission denied", there's no other thing to find.

Tomm M · 2009-04-08, 12:03 PM

Imad, here's an example for you here at MyBB.

Go to your post: http://community.mybboard.net/thread-402...#pid270043

If you click on full edit, it hits an error_no_permission, but you can still "quick edit" it and change the contents.

Michael S. · (This post was last modified: 2009-04-08, 03:07 PM by Michael S..)

Try this: Open the file xmlhttp.php and find:

// If this user is not a moderator with "caneditposts" permissions.
if(!is_moderator($forum['fid'], "caneditposts"))
{
	// Thread is closed - no editing allowed.
	if($thread['closed'] == 1)
	{
		xmlhttp_error($lang->thread_closed_edit_message);
	}
	// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.
	else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1)
	{
		xmlhttp_error($lang->no_permission_edit_post);
	}
	// If we're past the edit time limit - don't allow editing.
	else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (TIME_NOW-($mybb->settings['edittimelimit']*60)))
	{
		$lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
		xmlhttp_error($lang->edit_time_limit);
	}
}

Below add:

else if($forum['open'] == 0)
{
    xmlhttp_error($lang->no_permission_edit_post);
}

But if you ask me I would say that an admin should be able to edit posts even in a closed forum. An admin can also edit the subjects in closed forums so it seems to me there is a bug in editpost.php. Open the file and search for:

if($forum['open'] == 0 || $mybb->user['suspendposting'] == 1)

Replace with:

if(($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) && $mybb->user['usergroup'] != 4)

That way you will be able to edit posts using the editor even in closed forums.

Imad Jomaa · (This post was last modified: 2009-04-08, 03:09 PM by Imad Jomaa.)

(2009-04-08, 11:57 AM)Troll Wrote: A locked thread and a thread in a locked forum are not the same thing Imad Jomaa !

And no, I've no secondary group associated with my account.

If you looked the PHP code posted on first page, you saw that usergroup, secondary group etc... won't change anything to the MyBB's response.
If forum is closed, Mybb will answer "Permission denied", there's no other thing to find.

I apologize, for some reason I kept thinking you where talking about a locked thread when you clearly said a locked forum.

Yes, you're right, a quick edit in a locked forum does work. My apologize, not too sure why I kept seeing a locked thread. Toungue

Ryan Gordon · 2009-04-09, 05:07 AM

Michael, that bit of code in your fix is already in there.

// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.
else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1)
{
	xmlhttp_error($lang->no_permission_edit_post);
}

Michael S. · 2009-04-09, 10:38 AM

// If this user is not a moderator with "caneditposts" permissions.
if(!is_moderator($forum['fid'], "caneditposts"))

I know but it does not apply to admins (and moderators) because of the condition mentioned above. If you want to forbid the editiing in closed forums in general you have to add the little piece of code I posted above (I already checked that this is working). But if you change it that way you also have to forbid to edit subjects which is possible for admins atm.

But I honestly prefer the change in editpost.php. Why should an administrator not be allowed to edit posts in one of his own forums?

Troll · (This post was last modified: 2009-04-09, 10:47 AM by Troll.)

(2009-04-08, 02:51 PM)Michael83 Wrote: But if you ask me I would say that an admin should be able to edit posts even in a closed forum. An admin can also edit the subjects in closed forums so it seems to me there is a bug in editpost.php. Open the file and search for:
if($forum['open'] == 0 || $mybb->user['suspendposting'] == 1)
Replace with:
if(($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) && $mybb->user['usergroup'] != 4)
That way you will be able to edit posts using the editor even in closed forums.

I have the same opinion. Also, personnally, I had already made the modification (exactly the same as you) your are proposing.

If I'm reporting this bug, it's not for my purpose, it's for the community...

But the fix in editpost.php only partially fixes the bug, certain moderation actions will stay unavailable.

Login
Username:
Password:	Lost Password?
	Remember me