Please correct me if I am wrong but if I delegate to a moderator the ability to block trolls with this module, they get permission to block anyone on the system including UID 1. The only permission I can see is "administer troll".

How can I stop a forum moderator for example IP banning or blocking me as the admin, or any other user of a higher level?

I think this module should have separate permissions for each role in the system. Instead of "administer troll" it should be "block authenticated users", "block anonymous users", "block admin users" etc. That way you can define exactly what class of user a moderator can block.

Comments

deekayen’s picture

Status: Active » Fixed

Perhaps you shouldn't grant that permission to people you don't trust to abuse it.

http://drupal.org/project/protect_critical_users
http://drupal.org/project/userprotect

mr.j’s picture

Status: Fixed » Needs work

That is a very unhelpful answer, and hardly a fix for the problem. People make mistakes, do stupid things from time to time or can just turn nasty. Unfortunately using troll leaves you open for such a mistake or attack.

I have userprotect already but it doesn't help with troll because it only protects on user edit form submission (as does protect critical users), but troll does direct database manipulation which obviously bypasses these and any other modules.

I respectfully ask you to at least leave this issue open so others can at least be aware that this issue exists.

deekayen’s picture

Status: Needs work » Active
Pomliane’s picture

Status: Active » Closed (won't fix)

This version of Troll is not supported anymore. The issue is closed for this reason.
Please upgrade to a supported version and feel free to reopen the issue on the new version if applicable.

This issue has been automagically closed by a script.