Hello everyone,

I am just trying to confirm whether or not this is intended behaviour:
A user (administrator, but not owner of the group) was unable to remove a certain group member.
The owner of the group was able to remove the member and the group in question is a private group.
This seems a little strange, since administrators are able to confirm new users in the group.
The error being returned was "Dieser Bereich wird nur unseren Mitgliedern angezeigt. Bitte einloggen!", loosely translated "This section is only available to members. Please log in."

I'm looking forward to your input.
Peter

Hi Peter,

Seems you have misconfiguration on ACL Joomla user, Would you mind provide me backend and FTP access, please? send it via Message to Community page, use same subject with this topic.

thank you!

I'm sorry Dimas, due to data protection law, I am unable to provide you backend access to our site.
Which ACLs are relevant for this feature?

Yours Sincerely,
Peter

Hi,

Please check my screenshoot..

/administrator/index.php?option=com_config&view=component&component=com_users

/administrator/index.php?option=com_users&view=level&layout=edit&id=2


What do you see on that URL? that is default configuration from Joomla itself...

If you need more help I really need your credentials info, you can send it to Message on our Community page, it very safe there :)

thank you

Hello Dimas,

Thank you for your quick reply.
However, I was a little surprised to see you setting the joomla ACLs for the registered user group to none.

Let me reiterate our problem:
Removing a group member by a registered user that has been granted administrator privileges for that group is not possible.

A little research on our side found that the problem lies in the following function: public function ajaxRemoveMember($memberId, $groupId).

There, the following piece of code is being called:
(!$my->authorise('community.remove', 'groups.member.' . $memberId, $group)) {

We suspect that this call returns false since the regular "registered" users have the ACL community.remove set to "none". This setting is necessary to prevent arbitrary users removing other users from random groups.

However, a group administrator should get that privilege for all groups that he administrates.

I hope I was able to help you in narrowing down this problem's cause.
Merry Christmas!

Peter

Hi Peter,

I am sorry, i think I was wrong with the screenshoot :/

anyway, thank you for better explanation. Please try to upgrade your Jomsocial to the latest version 4.3 I hope it will fix the issue.

thank you!