Hi,
There is a problem with actions! If you view a profile's photo's a non-owner can "edit" or "delete" that photo. These action options should only be available to the profile owner...not the visitor!! It would not be a solution to just delete the action, as the profile owner needs those buttons! Yes, the owner can delete photos from a different page, but this is the only place the owner can "edit" a photo.
1) How do you control who sees an action; i.e. the profile owner or visitor?
2) How can I add an "edit" option on the page that allows the owner to organize, add, and manage items?
Thanks
|
YIKES!
This is a serious problem, just one whacked out troublemaker can do some serious damage to other members' profiles this way!
This has to be fixed!!
|
Oh, one more question:
How come the "DisplayinSubHeader" option does not work? It would be much better if it did, so one could turn certain actions on or off as desired instead of having to delete an item permanently to turn it off.
This would also be better for the Actions Manager by Esase! Instead of that mod deleting things in the database, it could just change a setting to display or not!! Much better that way!!
Thanks
|
LOL...YIKES!...I couldn't have said it better!! |
These options ARE only available to the profile owner and the admin.. were you still logged in as admin when you saw them?? BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
I wasn't logged in as an administrator when I tried to replicate this issue, but I may know why it is happening. When first setting up the Membership Actions, trying to decode the little descriptions of what the permissions actually mean was quite a chore. Perhaps this...
photos delete
photos edit
... means that members can delete and edit anyone's photos and not just their own?!?! This seems completely counterintuitive to me, but without any documentation explaining further what the permissions actually mean, I guess that could be it?
|
Hi Mscott,
No, I was logged in as a new membership level that that is not an admin. I did login as a standard member and you are right!! I just realized based on your response that I may have to adjust the actions for that level...forgot that part!! Sorry for the panic.
Thank you very much! :-)
|
Thank you ggsinc...just figured that out too!! Mscott put us on the right track! |
Ah! That's exactly right. You're right it could deffinitely be explained a little better. Like some features in the membership levels editor say:
"comments remove own"
Which is obvious.. it allows the membership level to remove their OWN comments but not other peoples. But then ones like:
"photos delete"
Are deceptive because at first glance you would think it means they can delete their own photos.. but actually it allows them to delete ANY photo. I guess the safe way to go about it is if it doesn't have "own" at the end then it applies to everyone and you probably wouldn't give it to a membership level that isn't a moderator or admin.
Good job on figuring that out though, I didn't even think that it might be a new membership level.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Hmmm I guess I thought that since the ads, blogs, avatars, etc. all stipulate "any" that it was the reverse of that.... that if they didn't say "any" then they would be for just their own things.
Wonder if it's worth asking for a more detailed description of what each permission stands for? Would love to know exactly what I've been giving members permission to do for the past year, if it isn't too much to ask!!
|
