Message # 1
Screenshot: http://mihaiantoce.ucoz.ro/Untitled.png
Moderators with the ability to use "Admin bar" can choose the option "view site as administrator" and gain administrator privileges.
This is a HUGE exploit and a security breach.
Post edited by mihai9987 - Sunday, 2014-09-07, 11:53 AM
Message # 2
mihai9987, the site's administration features - including the admin bar - are for administrative purposes. In a uCoz sense as a CMS this means the management of the website; not simply the moderation of. What extra features does the admin bar provide for your Moderators that the standard user bar would not?
You are correct in what you say - I'm simply trying to understand your position on the matter. I don't believe there are currently plans to change this feature.
Jack of all trades in development, design, strategy.
Working as a Support Engineer.
Been here for 12 years and counting.
Message # 3
You can disable the admin bar by going to your control panel.
Go to http://mihaiantoce.ucoz.ro/admin and then:
Users (Left Menu) >> User groups >> Set permission for all groups >> Other
Check or uncheck the "Access to Admin Bar."
Click the link for more info on this matter:
Message # 4
Eriko, I want to keep the admin bar for my moderators as it's easier for them to moderate comments overall, but they can simply exploit it by giving themselves administrator permissions. I just want the option "View site as" removed. What do you guys think?
Paradox, if you have access to the admin bar, you can make yourself any group that you want. A moderator can become an administrator, thus you can have access to all administration functions like File Manager, Edit site design, Builder, which you would normally be unable to access.
In conclusion, the option "View site as" can be used by moderators to become administrators, thus enabling them to access "file manager, site design and builder, as well as Mass PM dispatch".
Post edited by mihai9987 - Sunday, 2014-09-07, 12:11 PM
Message # 5
mihai9987, as far as I know it's just viewing the site that changes, not the privileges.
Message # 6
Incorrect, they can access the file manager, site design and builder, as well as Mass PM dispatch.
Test it for yourself: create a moderator and see for yourself.
Message # 7
mihai9987, that's because they have access to the admin bar. That's not because they viewed the site as an administrator.
Message # 8
mihai9987, disable the option "Access to Admin Bar" for Moderators. They will still have access to Admin Bar but it's a limited version: they will be able to manage comments, but won't have the option "View site as".
I'm not active on the forum anymore. Please contact other forum staff.