private-message BAN page permissions

Created on 23 October 2024, about 2 months ago

Problem/Motivation

If a user founds this page: /private-message/ban it can search any users, including adminstrator from there.
In some cases this is not good, for example if admin username is changed like adminy
it reveals the admin username for anyone who writes in the /private-message/ban field "admin"

This page: /private-message/ban should have default permissions that it is not available for anyone else than admin.
Could it be made with views, so it could be more easier to customize?

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

✨ Feature request

Status

Active

Version

3.0

Component

Code

Created by

🇫🇮Finland anaconda777

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @anaconda777
Comment about 2 months ago →
🇫🇮Finland anaconda777
I accidentally found /private-message/ban ULR.
Is there any other similar "hidden" URLs where are functionalities related to this module?
This URL could be mentioned in the private message configuration page.

Another issue, when clicked "ban user" at the user page, it redirects the user to private-messages -page.
In my case there should be no redirection and the user should not be redirected.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024