Luro does not check the author's role heirarchy
Closed this issue · 2 comments
Take the following Roles in the following heirarchy:
- Luro
- Admin
- Moderator
- Trial Moderator
Luro has the Luro
and Admin
role, the author has the Trial
role and the author tries to ban a Moderator
.
This will currently go through as Luro is only checking ITS permissions, and not comparing where the author is in the role hiararchy compared to who they are banning.
Pretty big issue...
This is more of a pain than I realised.... Currently my thoughts are iterating through the permissions to see which is highest, but it will need to be done twice which is not efficient. Might implement that as a measure to close this issue and then see if I can come up with a smarter solution in the future
After many, many months, this is now fixed in the twilight branch! Yay!