We have JomSocial 3.1.0.4 installed onto our site and we are having an issue with the access levels members are getting once they have registered and the permissions they have to do things.
When a member registers on the site they are assigned to the User Group 'Registered' - once they login they should not be able to do such things as delete posts from the activity stream / add 'Custom Status Updates' / feature users etc (as these options should be restricted to only admin people) - however they seem to be able to do these.
If you visit the site below you will see what I mean. When you login as a member that is just registered (for example, Carly - using the same password as Admin below) you are able to delete posts from the activity wall etc - which a registered member should not be able to do. Please could you investigate this for me and let me know how it can be fixed.
Many thanks.
Hi, Carly Southern.
This is strange indeed. I registered as a new user... and I'am able to delete other user posts on activity stream or feature photo albums. This should not happen...
Did you made any customization to source code? Template hacks?
No we haven't made any changes.
Within the system (as in Joomla) the access levels appear to perform correctly - for example, we have set up the Main Menu option 'Reports' to only be visible to access level 'Manager_Special' - who are Managers and Super Users. When you login as the Moderator you see this menu option, and if you login as a registered members you don't (which is correct). This doesn't appear to be the case with JomSocial as registered members are able to do things that they shouldn't be able to.
Many thanks for your help.
Hi, Carly Southern.
Users can delete posts on Activity Stream only in two cases:
- they are owner of this post
- are community administrator (need to belong to Moderator or Administrator Joomla! user group).
I'll check your database...
Did you modified JomSocial templates?
I this a test site or production site? Can we reinstall JomSocial?
Yes, you can reinstall on this site as it is a development site.
Many thanks.
Hi, Carly Southern.
Everything looks alright... I'll as our developer fol help, please stay tuned.
Many thanks. Have you re-installed JomSocial?
Hi, Carly Southern.
Yes, it fixed gender field issue on backend.
Sorry I think there has been a confusion here. The gender issue is not the problem on this ticket. The problem is the access levels?
Are developers looking at this issue?
Just to add some more information to this ticket issue. When we first installed JomSocial we were having an issue with custom fields displaying during the registration stage - when people signed up they were putting in their username, password, accepting terms and conditions - but when they selected next nothing happened (they didn't get taken to the Custom profile questions or upload an avatar) and in turn they did not complete their registration.
The way we fixed this was to set up a hidden menu called 'Dashboard' under the 'User Menu' and set it to public. This allowed the registration process to complete. Will this have anything to do with the issue we are having?
We need the site to go live tomorrow so please be aware that this is an urgent issue.
Many thanks in advance for your help.
Any news on this issue??????
Hi, Carly Southern.
Carly Southern wrote: Sorry I think there has been a confusion here. The gender issue is not the problem on this ticket. The problem is the access levels?
Hi, Carly
We have not received any response back from you in over 7 days, and would like to know if you consider this issue to be resolved. If you have any further questions, simply reply to this post.