I just made the odd discovery that, as a moderator with limited category permissions, I can’t update the category notification settings for a user with access to the categories. To make matters worse, if I make any changes to a user’s preferences the category notification settings get changed. This means that if someone was watching/tracking/muting a category before, they aren’t after the moderator saves the preferences.
## Replication steps

1. set up a user that has moderator privileges but limited access to one or more categories
2. set up another user that has access to category/ies that the moderator does not have access to, and set some up to be watched/tracked/muted
3. log in as admin, look at the user preferences and confirm the settings (see first screenshot below)
4. log in as user with moderator privileges but without access to all categories and edit the user preferences of a user who has access to a category you do not (see second screenshot below)
5. save changes.
6. go back as admin to look at the user… you will see the category notification settings are gone.

## How it should behave

The permissions on the user being edited should be reflected on the user page, not the permissions of the logged in user. So the moderator should be able to see and edit these category notification settings.
Why are moderators allowed to edit user preferences in the first place? That seems like an admin privilege.
I don’t know about others, but on my sites this is not an issue - moderators can know that the categories exist, but shouldn’t be able to see the contents of the ones they don’t have access to.
Agreed … the risk of a moderator simply knowing a category exists is low: moderate probability they find out about it, and trivial impact if they do. (What could they do other than tell other people a secret category exists?)
Also, QFT. I could see allowing them to edit things where someone could put spam links or offensive text, but preferences, no.
To be very clear - what @codinghorror is saying is that until this is resolved, all moderators with limited category permissions should be instructed not to edit preferences of other users at all, to avoid messing up their category notifications.
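
The data-loss pattern reported in this thread, shown as an added example that is not part of any post and is not Discourse's code. It assumes the preferences form submits only the categories the editor can see and that the save replaces the whole set; every name and value below is constructed for illustration.

```ruby
require "set"

# Constructed sample data; all names here are hypothetical, not Discourse's.
# category id => notification level for the user being edited
STORED = { 1 => :watching, 2 => :tracking, 7 => :muted }.freeze
MODERATOR_VISIBLE = Set[1, 2] # category 7 is hidden from this moderator

# Assumption: the form renders only categories the editor can see, so the
# submitted hash never contains entries for hidden categories.
def form_payload(stored, editor_visible)
  stored.select { |cat_id, _| editor_visible.include?(cat_id) }
end

# Lossy save: treats the submission as the complete set and replaces
# everything, silently dropping settings the editor could not see.
def save_replacing(_stored, submitted)
  submitted.dup
end

# Scoped save: only touches categories the editor was able to see.
# Entries outside that scope are carried over unchanged, and submitted
# ids outside the scope are ignored rather than trusted.
def save_scoped(stored, submitted, editor_visible)
  untouched = stored.reject { |cat_id, _| editor_visible.include?(cat_id) }
  accepted  = submitted.select { |cat_id, _| editor_visible.include?(cat_id) }
  untouched.merge(accepted)
end

# The moderator changes category 2 to :watching and saves.
def demo
  submitted = form_payload(STORED, MODERATOR_VISIBLE).merge(2 => :watching)
  {
    replacing: save_replacing(STORED, submitted),
    scoped: save_scoped(STORED, submitted, MODERATOR_VISIBLE)
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The scoped save also rejects a submission that names a category outside the editor's visibility, so the same check covers both the accidental overwrite and a tampered request.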