Hello,
I am new to the Hestia Control Panel and currently testing it on a VM. During my tests, I discovered an issue where a regular user can unsuspend a domain that I had previously suspended as an administrator.
I came across a related discussion on the forum (Users can unsuspend domain), but it seems the issue remains unresolved.
While I am comfortable modifying code as suggested in that thread, I am concerned about the changes being overwritten during future Hestia updates.
Desired Behavior
I would like suspended users to be entirely locked out of the control panel, preventing them from taking any actions until their account is unsuspended. However, they should still be allowed to download backups of their sites if necessary.
Current Behavior
When a user account is suspended:
- Suspended users receive the message, “You are logged out, please log in again,” upon attempting to log in.
When Domain is Suspended
- Despite this, regular users can unsuspend their domains, which undermines the purpose of the suspension.
Questions
- Is there a way to enforce stricter restrictions on suspended users in the Hestia Control Panel?
- Are there alternative approaches to achieve the desired behavior?
- If code modification is the only solution, how can I ensure these changes persist through updates?
Thank you for your time and assistance!
