djalmasi yep, you are indeed correct, this is a bug.
@datitisev I was able to reproduce this locally by creating a new group, giving that group the ability to ban users, assign a user to that new group, used FoF Impersonate to log in as that user who has this special group assigned to them, and alas no "Ban IP" button under PostControls for just banning normal users/members without this permission.
Edit: Even though this new group has the permission to Ban IP's via PostControls,
canBanIP still returns false for whatever reason. The
canBanIP user attribute, on the other hand, is set to true for this user I was testing with.
Only thing I can really think of right now is that this can be removed since there's already a
canBanIP attribute via the UserSerializer that is already used for the permissions check. I'm not even sure how that post attribute is even able to return true in code or even changed in the UI. This line can also be changed to where
!post.canBanIP is changed to
!user.canBanIP which is the same permission check that is done in the UserControls section.