Admins can edit the profiles of other users. Is this intended behavior?
-
Fairly simple to reproduce.
- Make a new user account.
- Sign out and sign in as an account with admin privileges.
- Go to the new user's page, and on the left hand menu, select
edit profile. - You may now edit the user's profile as though you were that user.
I hope this is not intended behavior. If so, what is the reason behind it?
-
System shared this topic
-
@anchorite Yes, it's intentional. This is the entire point of an admin login. Why would you want someone setting up something in your NodeBB instance that could be either nefarious or salacious in content and not be able to change it?
-
@phenomlab I'm completely new to being a forum admin, so I'm not familiar with the tools and techniques. Is this common? I'd expect to be able to censor or lock the profile and warn or ban the user without putting words in their mouth. I suppose it's a moot point since I have access to the database and could do it from there if I really wanted to; I'm just shocked that it's so easy.
