Can this module be used to adjust a roles permissions?

Created on 2 October 2023, over 1 year ago

Updated 11 October 2023, over 1 year ago

Problem/Motivation

Running 9.5.9 core.

We would like to assign users a sort of sub-admin role, where they could administer all users on a site except Admininstrator users. Currently, when you assign the "Administer users" permission to a role, that role cannot delete existing administrators, but it can create new administrators by assigning the role. We'd like to prevent that. There is a module "Administer Users by Role" that purports to do this, but if Flexible Permissions would allow us to do it, we'd rather go that route.

Steps to reproduce

Assign a user role "Administer users" permission only. Log in as the user. You cannot remove or alter existing administrators, but you CAN assign the "administrator" role to a non-administrator -- thus giving him the ability to log in as an administrator himself.

Described step by step in this video: http://thefiengroup.com/files/Issue_D10_Administrator.mp4

Proposed resolution

If there was a simple way in Flexible Permissions to say "if the user has the "Administer Users" permission, but is NOT an administrator, then he can't assign administrator role or permissions.

💬 Support request

Status

Fixed

Version

1.0

Component

Code

Created by

🇺🇸United States somebodysysop

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @somebodysysop
Comment over 1 year ago →
🇧🇪Belgium kristiaanvandeneynde Antwerp, Belgium
Flexible permissions and (hopefully) soon Access Policy API in core decides which permissions you get. Seems like you want to have two meanings for one permission, which this module does not do.

You could introduce a new permission called 'administer regular users' and then change the access on the user edit form to also check for that permission in combination with the admin status of the subject account.
Status changed to Fixed over 1 year ago12:02pm 11 October 2023
Comment over 1 year ago →
🇧🇪Belgium kristiaanvandeneynde Antwerp, Belgium
Comment over 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024