With Account Expiry 5.x-1.x-dev (2008-Jan-28), there is no access control permissions to set. Without some sort of access control, there is no way to prevent any role/user to manage to own account expiry date. The "user account expiry" page is only accessible to users/roles with the "administer site configuration" permission enabled under the system module, but an authenticated user can change her/his account expiry date from the "My account" page. IMO this behaviour seems to defy the purpose of this module, as only administrators should be able to manage users' account expiry date.

Would it be possible to implement access control on the Account Expiry module?

Comments

jdsaward’s picture

Assigned: Unassigned » jdsaward

Agree. Will do, as soon as possible.

jdsaward’s picture

Category: feature » bug

Altering this issue from "Feature Request" to "Bug Report" because of the implications of:

"but an authenticated user can change her/his account expiry date from the "My account" page.

jehnich’s picture

Status: Active » Fixed

With the latest version of 2 May we implemented the access control, now only users with special permission see the block to change the account expiry date on the User Account page.

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.