Area: Admin deep-dive (commerce/config) (audit p15b) · Surface: /admin/broadcast (AdminConfigController@sendBroadcast) · Dimension: competitor-gap · Severity: major
Intercom, Zendesk, Circle, Skool and Mighty all let an operator target a segment (e.g. trial users, members inactive 30 days, a specific plan tier or group) and schedule the send for a future time, plus send a test to themselves first. Our broadcast blasts the entire member base the instant the button is pressed, with no way to reach 'lapsed members' (a segment the dashboard already computes at AdminDashboardController.php:92-100) or to schedule a Monday-morning announcement on Friday. The synchronous foreach also blocks the request while inserting one notification row per user, which will time out on large tenants.
Evidence
AdminConfigController::sendBroadcast (AdminConfigController.php:1130-1235) fans out to a fixed query 'WHERE u.role >= 2' — every registered user, immediately, synchronously in a foreach loop. No scheduled_at, no segment filter, no preview. grep 'scheduled_at|recipient_segment|send_at' across Controllers/Models returned no broadcast hits. showBroadcast (line 1110) renders a plain subject/body/send_email form.
Suggested fix. Add audience presets (all / by role / by plan tier / inactive-N-days / a named forum or group) reusing the lapsed-member SQL already in the dashboard, a scheduled_at datetime that a worker drains, and a 'Send test to me' button. Move the fan-out into the existing EmailQueue/worker pattern instead of the inline loop.
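One shape the suggested fix could take, as an added example rather than code from the audited app: preset names resolve to fixed parameterised SQL (so the admin form never submits a query fragment), and a worker claims due rows and hands recipients to the queue instead of inserting inline. The `broadcast_jobs` table, the `last_seen_at` column and the `$enqueue` callable are assumptions standing in for the app's own schema and EmailQueue/worker pattern.

```php
<?php
// Added illustration for this finding, not the audited app's code.
// Assumed: a PDO $pdo; users(id, role, last_seen_at); a hypothetical
// broadcast_jobs(id, subject, body, segment, segment_params, scheduled_at, claimed_at).

// Segment presets map to fixed, parameterised SQL. The admin form submits a
// preset name plus numeric parameters, never SQL text.
function audienceQuery(string $segment, array $p): array {
    switch ($segment) {
        case 'all':
            return ['SELECT id FROM users WHERE role >= 2', []];
        case 'role':
            return ['SELECT id FROM users WHERE role = :role', [':role' => (int) ($p['role'] ?? 2)]];
        case 'inactive_days':
            // Placeholder for the lapsed-member SQL the dashboard already runs.
            $days = max(1, (int) ($p['days'] ?? 30));
            $cutoff = (new DateTimeImmutable("-{$days} days"))->format('Y-m-d H:i:s');
            return ['SELECT id FROM users WHERE role >= 2 AND last_seen_at < :cutoff', [':cutoff' => $cutoff]];
        default:
            throw new InvalidArgumentException("unknown segment preset: {$segment}");
    }
}

// Worker tick: claim broadcasts whose scheduled_at has passed, then hand each
// recipient to the existing queue ($enqueue stands in for EmailQueue).
// Claiming inside a transaction with FOR UPDATE keeps two workers from double-sending.
function drainDueBroadcasts(PDO $pdo, callable $enqueue): int {
    $pdo->beginTransaction();
    $jobs = $pdo->query(
        'SELECT * FROM broadcast_jobs WHERE claimed_at IS NULL AND scheduled_at <= NOW() FOR UPDATE'
    )->fetchAll(PDO::FETCH_ASSOC);
    $claim = $pdo->prepare('UPDATE broadcast_jobs SET claimed_at = NOW() WHERE id = :id');
    foreach ($jobs as $job) {
        $claim->execute([':id' => $job['id']]);
    }
    $pdo->commit();

    $queued = 0;
    foreach ($jobs as $job) {
        [$sql, $params] = audienceQuery($job['segment'], json_decode($job['segment_params'] ?? '[]', true) ?: []);
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
        foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $userId) {
            $enqueue((int) $userId, $job); // one queue job per recipient, no inline INSERT loop
            $queued++;
        }
    }
    return $queued;
}

// 'Send test to me' is the same path with a one-element audience: $enqueue($adminId, $draft).
```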
Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.
Patrick Bass
@mobieus