There is some setting which allows moderators to manage categories.
I suggest to remedy this behavior by forbidding moderators to change a categorry in such a way that they loose access.
5 Likes
sam
December 11, 2025, 10:15pm
2
Agree, at the minimum some sort of warning that this will happen with a confirm.
2 Likes
Thanks for the report @Steradiant
We’ll now show a confirm dialog if the user is about to lose access to a category by changing its permissions
main ← prevent-moderator-self-lockout
opened 04:23PM - 12 Dec 25 UTC
When moderators with `moderators_manage_categories` enabled change category perm… issions, they could accidentally remove their own access, requiring admin intervention to fix.
This adds a client-side confirmation dialog that warns moderators before saving permission changes that would lock them out. If confirmed, the changes are saved and the user is redirected to the home page.
Changes:
- Add `_wouldLoseAccess()` check in edit-category controller that compares new permissions against the user's group memberships
- Show confirmation dialog via `dialog.yesNoConfirm()` before saving
- Redirect to home page after confirmed save (since user can no longer access the category edit page)
- Fix `onSelectGroup` to properly set `group_id` for custom groups by looking up from `site.groups` (was only working for auto groups)
Here's how the confirm dialog looks like
<img width="1606" height="1043" alt="CleanShot 2025-12-12 at 17 12 55" src="https://github.com/user-attachments/assets/86e255dc-fa5c-4fde-8c86-3d3b0e03ce89" />
Ref - https://meta.discourse.org/t/390978
1 Like
