We have several lists with several admins managing their own lists with non-superadmin permission but the permission to edit subscribers. If one of these admins goes to “export subscribers”, he can export the whole database, not just his own list!
Here is my own fix for the moment. I post on every admin page where I want to restrict access to superuser only the following code:
#Restricted area, access only for superadmin
if (!$_SESSION['logindetails']['superuser']) {
print $GLOBALS['I18N']->get('Sorry, this page can only be used by super admins');
return;
}
I put this code in the beginning of the files right under:
Note: My fix is just a hotfix because it disables all ways to export subsribers for an admin with limited permissions. A real fix should allow just the export of assigned list(s).