What are the steps to reproduce this issue?
- Create webpanel from scratch
- Create an admin with only edit admins permission. Create moderator account with no permissions
- Login to admin account
What happens?
When attempting to edit the moderator account from the admin account with only edit admins, you are presented an "Access denied." message
What were you expecting to happen?
I expected to be able to edit the moderator account, including their password
Any logs, error output, etc.?
No logs
Any other comments?
I'm not sure if this is a security feature or bug. I can see the argument for not wanting admins to be able to edit owner's passwords, but there's also an argument for delegating the ability to manage accounts to admins that aren't owners, which I believe is what the edit admins flag is intended for
What versions of software are you using?
Operating System: Deb 13, this test env was in a ptero container
SourceBans++ Version: Latest, 2.0.0. However I discovered this issue on 1.8.4
PHP Version: 8.5
MySQL Version: MariaDB 11.8
Link to your project: Happy to share in private
What are the steps to reproduce this issue?
What happens?
When attempting to edit the moderator account from the admin account with only edit admins, you are presented an "Access denied." message
What were you expecting to happen?
I expected to be able to edit the moderator account, including their password
Any logs, error output, etc.?
No logs
Any other comments?
I'm not sure if this is a security feature or bug. I can see the argument for not wanting admins to be able to edit owner's passwords, but there's also an argument for delegating the ability to manage accounts to admins that aren't owners, which I believe is what the edit admins flag is intended for
What versions of software are you using?
Operating System: Deb 13, this test env was in a ptero container
SourceBans++ Version: Latest, 2.0.0. However I discovered this issue on 1.8.4
PHP Version: 8.5
MySQL Version: MariaDB 11.8
Link to your project: Happy to share in private