Closed (fixed)
Project:
Account Expiry
Version:
5.x-1.x-dev
Component:
User interface
Priority:
Normal
Category:
Bug report
Assigned:
Reporter:
Created:
13 Feb 2008 at 19:20 UTC
Updated:
19 May 2008 at 02:35 UTC
With Account Expiry 5.x-1.x-dev (2008-Jan-28), there is no access control permissions to set. Without some sort of access control, there is no way to prevent any role/user to manage to own account expiry date. The "user account expiry" page is only accessible to users/roles with the "administer site configuration" permission enabled under the system module, but an authenticated user can change her/his account expiry date from the "My account" page. IMO this behaviour seems to defy the purpose of this module, as only administrators should be able to manage users' account expiry date.
Would it be possible to implement access control on the Account Expiry module?
Comments
Comment #1
jdsaward commentedAgree. Will do, as soon as possible.
Comment #2
jdsaward commentedAltering this issue from "Feature Request" to "Bug Report" because of the implications of:
"but an authenticated user can change her/his account expiry date from the "My account" page.
Comment #3
jehnich commentedWith the latest version of 2 May we implemented the access control, now only users with special permission see the block to change the account expiry date on the User Account page.
Comment #4
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.