Notifications
Clear all

Prevent secondary usergroup to be changed by member

10 Posts
2 Users
0 Reactions
608 Views
Posts: 16
 mhit
Topic starter
(@mhit)
Eminent Member
Joined: 1 year ago

Hello,

For our forum we have a private main forum plus 3 private subforums (using 3 secondary usergroups for access rights).

In the user registration form, a new member can check the secondary user groups he wants to get access to. The Forum Admin then needs to check if he is allowed to get access and will activate the member account.

BUT... If the new member edits his profile, the secondary usergroups are still displayed and the member can change his secondary usergroups and gets access to any secondary usergroup he wants...!

I have checked all options but I cannot find a way to hide the secondary usergroup for the member.

The secondary usergroups should be visible for the Forum Admin to edit them in the members user accounts but it should NOT be possible for a member to edit the secondary usergroup....!

The Forum Admin does not have WP Admin user role so he will only edit a user in the account page in front end.

How can this be done in such way that ONLY Forum Admin can change the members secondary usergroup and not the member himself?

9 Replies
Posts: 16
 mhit
Topic starter
(@mhit)
Eminent Member
Joined: 1 year ago

Hello,

Does anyone have a solutions for this problem (see also above):

Usually a user custom field has the option 'Can user edit this field?' Yes / No
but for the user custom field "secondary usergroup" there is no such option (see screenshot) and the user can always edit it himself. 

With other words: He can grant himself access to a private secondary forum by editing his profile, while in our case, only the Forum Admin should grant access to a private secondary forum.

Does anyone has a solution? Or will there be a solution in a future update?

Thanks in advance!

user custom fields secondary usergroup
user custom fields
Reply
Posts: 4178
 Tom
Admin
(@tomson)
Famed Member
Joined: 9 years ago

Posted by: @mhit

but for the user custom field "secondary usergroup" there is no such option (see screenshot) and the user can always edit it himself. 

Hi @mhit,

Only moderators and administrators can edit secondary usergroups. Please make sure the user you check has "Registered" usergroup a primary usergroup. Also, leave some screenshots of that user Profile > Account tab (front-end) and the edit screen of the user primary usergroup in wpForo > Usergroups admin page.

Reply
Posts: 4178
 Tom
Admin
(@tomson)
Famed Member
Joined: 9 years ago

@mhit,

The solution is removing the "Secondary Usergroup" field from the "Account" Tab. You can remove it in the Account Tab settings of the User Custom Field addon.

Admins and moderators can manage the secondary usergroups of users in Dashboard > Users > Edit user screen,

Reply
1 Reply
 mhit
(@mhit)
Joined: 1 year ago

Eminent Member
Posts: 16

@tomson

Hi Tom,
Many thanks for your attention.

I would be very happy if it was true that also moderators could manage the secondary usergroups of users in Dashboard, but unfortunately this is only allowed for WP Admin user roles.... (Chris from wpForo also confirmed this).

It is most undesirable to grant WP Admin user role to a Forum Admin member.... I wish there would be another solution then installing plugins that prevent other WP Admins to make changes to the CMS (or delete the main WP Admin account etc.).

Reply
Posts: 16
 mhit
Topic starter
(@mhit)
Eminent Member
Joined: 1 year ago

Please also see this topic:

I could not reply any more because it was closed. Initially I thought it was solved but unfortunately the solutions caused that members were able to change the secondary usergroup themselves, with other words: Giving themself access to a private secondary usergroup, which was not allowed.

wpforo.com/community/how-to-and-troubleshooting-2/allow-non-administrator-to-edit-forum-usergroup-field-in-user-edit-php/#post-103571

In wpForo, 

Only those users who have Admin Usergroup and Admin User Role can manage other User's Primary Usergroup from the front end. Also, the same Admin user can manage the User Secondary Usergroup from front End only if User Custom Fields Addon is activated on the website.

Reply
4 Replies
 Tom
Admin
(@tomson)
Joined: 9 years ago

Famed Member
Posts: 4178

@mhit,

Again I have to repeat the same, you should remove the secondary usergroup from the user account form. 

Reply
 mhit
(@mhit)
Joined: 1 year ago

Eminent Member
Posts: 16

@tomson 

Sorry it wasn't clear but we don't have the secondary usergroup in the user account form.

The point is (again) that ONLY WP Admin can edit a member's secondary usergroup and I would like to know if anyone has a workaround for this since we don't want the Forum Admin to have WP Admin user role.... 

(If the secondary usergroup would be added tot the user account form - to be clear, as said above: this is not the case! - , the member could grant himself access to the private sub forums which is no option either).

Hope everything is clear....

Reply
 Tom
Admin
(@tomson)
Joined: 9 years ago

Famed Member
Posts: 4178

Hi @mhit,

Ok I see. But we cannot add such feature urgently. This will be added in the to-do list and will wait for its turn.

Reply
 mhit
(@mhit)
Joined: 1 year ago

Eminent Member
Posts: 16

@tomson Thanks for your reply anyway.

Hopefully there will soon be an update that will add a functionality that a wpForo Admin who does not have a WordPress Admin user role, can still change the secondary usergroup of a member. Will wait and urgently look forward to this.....
Thanks for your support so far!

Reply
Share:
Scroll to top