Possible loss of user type

I noticed that when an admin who has permission to modify users, but who can only handle a few roles, changes a user whose role is different from the ones he can change, the role of the changed user inevitably changes.

For example, after adding a "Manager" role that can only handle the "Member" and "Editor" roles, if he changes a manager (including himself), his role (field "type") changes.

Could it be a solution if a "Manager" could see and edit only users with a role that he can manage? He would not see himself in the user administration page (/user/admin), but he could change his profile through the /user/update page, which already does not involve editing the role.

Comments

  • I just made the role hard-coded in the edit form, so the admin can still edit that member but not change their role. That way they can't take away someone's role or change it, but they can still move members around within the roles they're allowed to change, and they can still edit those members. Here's the commit:

    https://github.com/jbroadway/elefant/commit/7107aba499b85df557020f8fbb5595498b98b47a

    I'm not sure if we need to also restrict them from editing and/or seeing those members, since they do have permission to edit users in general as per the "Members: Create or modify member accounts" checkbox in their role, but I'm open to changing that too if it's a more complete solution. What do you think?

  • Thanks J. I want to try with a clean install of Elefant. I will do it during the coming holidays. Thanks again.

  • I finally tried your latest changes, which I find perfect.

    Thanks again.
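
A server-side form of the rule discussed in this thread (a restricted admin can still edit the member, but cannot change a role outside the ones they manage), as an added example that is not part of the thread and is not Elefant's code. The function `resolve_role()`, the lowercase role names and the sample cases are hypothetical.

```php
<?php
// Added illustration, not Elefant's code. Role names follow the thread;
// the function name and the sample data are hypothetical.

/**
 * Decide which role ("type") to store when an editor saves a user.
 *
 * @param string[]    $manageable roles the editor is allowed to assign
 * @param string      $current    role the target user holds now
 * @param string|null $submitted  role value received from the edit form, if any
 */
function resolve_role(array $manageable, string $current, ?string $submitted): string
{
    // Target holds a role outside the editor's set: the role is read-only,
    // whatever value the form sent.
    if (!in_array($current, $manageable, true)) {
        return $current;
    }
    // No role field submitted: keep the stored role rather than defaulting.
    if ($submitted === null || $submitted === '') {
        return $current;
    }
    // Target can be moved, but only to another role the editor manages.
    if (!in_array($submitted, $manageable, true)) {
        throw new InvalidArgumentException("role not assignable: $submitted");
    }
    return $submitted;
}

// Constructed sample: a "manager" who may assign only member and editor.
$manageable = ['member', 'editor'];

$cases = [
    // [current role, submitted role, description]
    ['manager', 'member', 'editing another manager'],
    ['manager', null,     'editing a manager, no role field'],
    ['member',  'editor', 'moving a member within allowed roles'],
    ['editor',  'admin',  'assigning a role outside the set'],
];
foreach ($cases as [$current, $submitted, $what]) {
    try {
        $result = resolve_role($manageable, $current, $submitted);
    } catch (InvalidArgumentException $e) {
        $result = 'rejected';
    }
    printf("%-40s %s -> %s\n", $what, $current, $result);
}
```

Running the decision on the stored role at save time keeps the outcome the same whether or not the role field is rendered in the form.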
