Join GitHub today
[ticket/10537] Remove unnecessary permissions #505
Database updated a new QI board.
Gave admin never for u_sendpm.
Going to manage pm drafts (http://localqi//boards/x34/ucp.php?i=ucp_pm&mode=drafts) - shows:
Here you can view, edit and delete your saved drafts.
No drafts saved.
(normal ui). I would expect this to be prohibited.
It seems that pre-patch behavior is the same.
Not none; I tested some of it a while back (though I cannot remember specifically which parts). I just haven't had a chance to test it all recently. With exams done I should have plenty of time.
The permissions for the email friend button on viewtopic is not the same as the actual page. As a guest I can see the button, but clicking it gives me: "You are not permitted to send email to this user."
Where is the u_pm_reply permission? This permission does not exist (at least not on the version of develop this is based on). Was this added in a a different PR?
Would you mind rebasing this on develop? Merging causes conflicts.