Contrib.social

Can this module be used to adjust a roles permissions?

Open on Drupal.org β†’
Created on 2 October 2023, 9 months ago
Updated 11 October 2023, 9 months ago

Problem/Motivation

Running 9.5.9 core.

We would like to assign users a sort of sub-admin role, where they could administer all users on a site except Admininstrator users. Currently, when you assign the "Administer users" permission to a role, that role cannot delete existing administrators, but it can create new administrators by assigning the role. We'd like to prevent that. There is a module "Administer Users by Role" that purports to do this, but if Flexible Permissions would allow us to do it, we'd rather go that route.

Steps to reproduce

Assign a user role "Administer users" permission only. Log in as the user. You cannot remove or alter existing administrators, but you CAN assign the "administrator" role to a non-administrator -- thus giving him the ability to log in as an administrator himself.

Described step by step in this video: http://thefiengroup.com/files/Issue_D10_Administrator.mp4

Proposed resolution

If there was a simple way in Flexible Permissions to say "if the user has the "Administer Users" permission, but is NOT an administrator, then he can't assign administrator role or permissions.

πŸ’¬ Support request
Status

Fixed

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States SomebodySysop

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @SomebodySysop
  • Comment 9 months ago β†’
    πŸ‡§πŸ‡ͺBelgium kristiaanvandeneynde Antwerp, Belgium

    Flexible permissions and (hopefully) soon Access Policy API in core decides which permissions you get. Seems like you want to have two meanings for one permission, which this module does not do.

    You could introduce a new permission called 'administer regular users' and then change the access on the user edit form to also check for that permission in combination with the admin status of the subject account.

  • Status changed to Fixed 9 months ago
  • Comment 9 months ago β†’
    πŸ‡§πŸ‡ͺBelgium kristiaanvandeneynde Antwerp, Belgium
  • Comment 8 months ago β†’
    System Message

    Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024