How does a restricted administrator view the Moderator Activity Page?

[georgebkk]

We have an issue with r_moderatorstats_manage:

1. I created a new group called “Test Admin”

2. I added the new group using the “Add administrator” link on this page: https://example.com/admin/?app=core&module=staff&controller=admin

3. I added a test member to the Test Admin group

4. When the Test Admin group permissions are “Unrestricted” an administrator member of this group can view the Moderator Activity page https://example.com/admin/?app=core&module=stats&controller=moderators

5. If the Test administrator group permissions are changed to “Restricted” a member of this admin group cannot view the Moderator Activity page, even if the r_moderatorstats_manage option is enabled

6. In fact, if the group permissions are set to “Restricted”, and every possible option is enabled (so the restricted admin user is effectively an unrestricted admin user) then admin user still cannot view the Moderator Activity page

The question we would like answered is how does a restricted administrator view the Moderator Activity page?

[Martin A.]

I just followed your exact steps, and I am not able to reproduce this.

As you can see, the moderator menu item is also gone.

[Randy Calvert]

Does the person you are changing permissions for have other primary or secondary member groups that could be adding permissions?

Remember… groups ADD permissions instead of taking them away. So if you have two member groups… one with permission to access something and another without access, if the person is assigned to both groups, they would have access to the item. 

[georgebkk]

I need to explain more clearly.

1. I have created a restricted administrator group

2. Members of this group have the permission r_moderatorstats_manage enabled (see screenshot)

3. Members of this group cannot view the Moderator Activity page https://example.com/admin/?app=core&module=stats&controller=moderators (see screenshot)

 

[Martin A.]

4 hours ago, thaivisa said:

I need to explain more clearly.

1. I have created a restricted administrator group

2. Members of this group have the permission r_moderatorstats_manage enabled (see screenshot)

3. Members of this group cannot view the Moderator Activity page https://example.com/admin/?app=core&module=stats&controller=moderators (see screenshot)

 

I understood what you meant, but it works as it should when I reproduced it. The test member could see the stats when it was enabled, but not when disabled. 

As Randy asked, is this the only group this member is part of? You cannot have the member in an unrestricted primary group, and then have restrictions in a secondary group. Well, you could, but none of the restrictions would be applied to the admin.

Why do you see the language key instead of the translated string? Is it like this for all other permissions?

[georgebkk]

1. This is the only group this member is part of (see screenshot).

 

2. Why do I see the language key instead of the translated string? I have no idea, other than the website is running version 4.6.12.1 and we are not ready to upgrade yet due to a complicated theme.

[Nathan Explosion]

Here's the cause of the original problem:

public function execute(){
	\IPS\Dispatcher::i()->checkAcpPermission( 'moderators_manage' );
	parent::execute();
}

In 4.6.12.1, that's the permission check for the controller you are accessing - it's not moderatorstats_manage, therefore it isn't going to be using the setting you are using. That is fixed in the 4.7.x codeline at some point.

If you want a QF for it, and are self-hosted, then just edit the relevant file (/applications/core/modules/admin/stats/moderators.php) and change moderators_manage to moderatorstats_manage

The language string issue will be sorted if and when you upgrade.

[georgebkk]

Thanks a lot for your help! It works perfect now!