New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Suspended users shouldn't be allowed to change avatar #214
Comments
The problem is here We should create a new method on the user policy for That's actually very similar to the changes I recently made to the bio extension. It was previously hard-coded in the controller and I moved it to a policy FriendsOfFlarum/user-bio@1a2655d#diff-dfca4adbcf6b2db93354567377bf9d41 We will still need an additional |
This might be something to solve while we split the permissions for flarum/framework#1965 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. |
not stale |
Will be nice if this can be fixed in Beta 16 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. |
Not stale nice stale bot :) |
I would Like to work on this. |
Great to hear! Would you also be interested in some aspects of the linked issue by any chance? Feel free to jump into that discussion 😁 |
@hxri If you still want to work on this, https://github.com/flarum/core/issues/3033#issuecomment-906090910 might be a good and simple approach (pending discussion, might want to give it a few days unless there are other ideas / objections). |
Sure! I will work on #3033 (comment) first. |
Thanks! Since the current suspend implementation adds users to the "guest" group, if we don't allow guests to change their avatar, that should be enough to close that issue. |
Suspended users are currently allowed to change the avatar, potentially as a workaround for spreading spam or something else.
Suspended users shouldn't be allowed to do that.
The text was updated successfully, but these errors were encountered: