[SOLVED] Front-end editing of read-only fields?

krileon wrote:

What the last sentence means if User A is an Author moderator and User B is an Author moderator that they can't edit one another. This protects the moderators. Say if 1 moderator account was compromised it does not risk ALL your moderator accounts, etc.. No workaround for this, sorry.

Sorry, but that does not make any sence. At least not in my case.

I will have about 50 registered users and among them about 6 publishers/moderators. If a moderator account gets compromised, the attacker can destroy the profiles of the 44 ordinary users anyway, in addition to a lot of stuff not related to CB. It means that I have to restore the whole site from backup. If the attacker can destroy the last 6 moderator profiles, I still have to do exaclty the same thing, restore the site. So that restriction just makes it harder for us to let the people who produce data make the changes themselves (which is the core goal for this project). And the added security is exactly zero.

My proposal was not to change the default behaviour, rather to provide an alternative behaviour. And I still think that is something you should do.

Mike

Post edited by: krileon, at: 2011/01/03 15:35

We've plans to rework the entire permissions system, but that is not happening until CB 2.0 or even possibly greater. For the time being this is simply how it works. However, CB is open source and you are more then welcome to make any changes you feel necessary. Does not seam vital to allow Moderator X modify Moderator Ys profile.

Thanks,

Ok, I will head over to the feature request forum with this one.

I try to avoid hacking around in the code. First, it makes upgrading harder. And second, my php skills could be better. But I will consider it in this case.

Mike