Having a member set their profile privacy to private - blocks admin? This has got to be a bug, right?
I have a member whose profile I can't view. This is a major liability since I have no idea what, if anything, they are posting on their profile. They could have multiple links to child porn and I wouldn't know it without digging through the database.
No member should be able to block admins from viewing their profile - period.
Profile privacy is what's doing this, but I haven't tried the other privacy areas. I did try to block the admin account using the block button and that didn't work - which is good. Profile privacy does what blocking the admin can't though.
This shouldn't be this way by default. It needs to be fixed.
I'm using 7.01
|
That's exactly what I thought too.
You can still view the profile through the admin panel though.
|
I'm glad you told me that. I wouldn't have tried it otherwise.
I can only view the profile edit area. That leaves a boat load of room for bad things to happen. RSS feeds from bad places, profile comments that can't be seen, etc.
Changing their profile setting to allow me to view it isn't an option because, again, it opens the admin up to liability.
This is a rather major issue IMHO.
|
I can confirm the issue and noticed that it is the same for profiles that have not yet been confirmed.
Is it a bug? I think this is debatable, since your members can set this value for a reason. You could say that although you're the site owner, everyone has the right to privacy (for example; you don't want yahoo to read your emails, even though you have a yahoo mail account). On the other hand, you do have a privacy policy in place, which might cover that you check on profiles, even when they are private.
People themselves are responsible for what they upload and that should cover you against legal actions. I believe it should be left the way it is and if you do want to check on your members, you can use the members section in admin panel to edit profiles, or deanos tools to log on as that member. Photo's, video's, etc are also only visible using the admin panel and not public viewable for admin.
I agree that the admin user should have the power to check/modify profiles, however it does not mean admin should see everything by default.
Dedicated servers for as little as $32 (28 euro) - See http://denre.com for more information |
Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine. |
Shame to see this being added to trac as an "enhancement". Administration is done from the admin panel and not the default on the site.
People's privacy should be respected, also by the admin! There are plenty of ways to check profiles when there is a suspicon of illegal activity. This should not be a reason for adding this as an "enhancement".
If you really feel the need to add some issues to trac, please have a look at the following small issues and maybe these can be resolved in the next release. Rather than having someone waisting time, deciding if this should be an enhancement or NOT.
List of issues:
http://www.boonex.com/unity/forums/topic/Member-menu-items-become-pop-ups.htm
http://www.boonex.com/unity/forums/topic/Setting-availabillity-time-in-membership-levels.htm
http://www.boonex.com/unity/forums/topic/Dashboard-language-key.htm
http://www.boonex.com/unity/forums/topic/HTML-Blocks-not-working-in-IE-8.htm
Dedicated servers for as little as $32 (28 euro) - See http://denre.com for more information |
@ Denre
Sorry but I cannot confirm the bugs you are listing as everything is working fine for me (but tested only with IE7 and Firefox 3.5.9).
As for the requested enhancement:
- this is already possible for the Admin to open Public profiles, why not Friends only profiles ?
- Admin can check all Profiles infos whithin the database, the enhancement will just offer an easiest way
- you still can respect your Members privacy as nobody will force you to use such functionality...
Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine. |
@MichelSwiss
Strange you can not reproduce any of the issues.
pop-ups: I had a look at the code and found the following:
'target' => ( $aItems['Target'] ) ? 'target="_blank"' : null,
I believe this line should be:
'target' => ( $aItems['Target'] == '_blank' ) ? 'target="_blank"' : null,
Currently what the code does is check if $aItems['Target'] is set, and if so, give it a value of _blank (thus also when the value is _self)
Dashboard Language key:
f you look in sys_menu_top, you see that caption for "Home" and Account home" are both _Home
I have not figured out yet where to find the code for the other 2 issues but will provide more evidence
To answer your other questions:
this is already possible for the Admin to open Public profiles, why not Friends only profiles ?
The answer is in your question, PUBLIC Profiles
Admin can check all Profiles infos whithin the database, the enhancement will just offer an easiest way / you still can respect your Members privacy as nobody will force you to use such functionality...
In order for the admin to do this, he/she has to actively go through certain procedures to obtain the information. If this can be done by default on the site, it will be more tempting to look at private profiles, which undermines the privacy of your members.
That things are possible does not necessarily mean it should be made easy!
Dedicated servers for as little as $32 (28 euro) - See http://denre.com for more information |
Some *bugs* I cannot check any more because I already edited my script.
As for the Account Home language key, just replace _Home with _Account Home within your sys_menu_top datase table. The Account Home language string already exists.
I will add the ticket ;-)
As for all these Member-menu-items-become-popups... Is that not because "Enable new DHTML notifications rather than popup" is unchecked within Admin Panel -> Settings -> Advanced Settings ?
Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine. |
@MichelSwiss
Thanks for adding the dashboard language key as a bug.
Regarding the pop-ups ...
Enable new DHTML notifications rather than popup is checked, but even so, it's not a pop_up, its a new page.
It only happens when you create new items in the member menu. When you look in the DB, table 'sys_member_menu' you'll see that only new (or saved) items get the target field filled, and that is when the issue "pops-up"
Since the pop-up issue is "off-topic", maybe we can further discuss this in the post that I already opened for it.
Dedicated servers for as little as $32 (28 euro) - See http://denre.com for more information |
This is an issue. According to a few members on my network, they are being harassed by member JohnDoe. I receive evidence of said harassment and I go to contact JohnDoe to see if there is another side to the story, or to inform them that they are indeed breaking the Terms on the site only to find that I am blocked from contacting them!
How is this possible? Why am I blocked from contacting them? This is one of the worst ideas ever. Members should not be able to block admin level members, period. I understand privacy issues, but admins need to have the ability contact every member.
Example: Does this mean that on this forum, I can block every Admin or Moderator here from ever contacting me? If so, and I violate the terms of this forum, does that mean they cannot contact me to inform me I'm violating the terms? Or to even talk to me about an issue? Please fix this!
|
http://www.boonex.com/trac/dolphin/ticket/2873
This is an issue. According to a few members on my network, they are being harassed by member JohnDoe. I receive evidence of said harassment and I go to contact JohnDoe to see if there is another side to the story, or to inform them that they are indeed breaking the Terms on the site only to find that I am blocked from contacting them!
How is this possible? Why am I blocked from contacting them? This is one of the worst ideas ever. Members should not be able to block admin level members, period. I understand privacy issues, but admins need to have the ability contact every member.
Example: Does this mean that on this forum, I can block every Admin or Moderator here from ever contacting me? If so, and I violate the terms of this forum, does that mean they cannot contact me to inform me I'm violating the terms? Or to even talk to me about an issue? Please fix this!
Rules → http://www.boonex.com/terms |
