- Issue created by @todea
- πΊπΈUnited States john.oltman
You have to also give them "manage 'type' registration" permission for each of your registration types, so they can get to that listing. It won't let them do anything but see the listing, so it is safe to give that out. There are different permissions that let people manage registration settings, don't give them that one.
There is a separate issue β¨ Create additional host permissions Active that would let you give one manage permission, instead of having to do one per registration type. That will be in a future release.
- πΊπΈUnited States todea
Thanks for the info. That got us closer to what we needed. However, users who should just be able to view the registrant list at /node/1234/ also have the option to 'Cancel'.
Also it seems difficult to give one user role the ability to edit registrations for the host entities they have edit access to without them also getting the edit registration ability to host entities where they should only have view permission.
Here is a breakdown of our primary "staff" user role with the list limited to registration specific permissions:
staff: rid: staff label: staff perms: - 'access content' - 'administer own advanced_registration registration' - 'administer own advanced_registration registration settings' - 'administer own basic_registration registration' - 'administer own basic_registration registration settings' - 'administer own long_form_registration registration' - 'administer own long_form_registration registration settings' - 'create advanced_registration registration other anonymous' - 'create advanced_registration registration other users' - 'create advanced_registration registration self' - 'create basic_registration registration other anonymous' - 'create basic_registration registration other users' - 'create basic_registration registration self' - 'create event content' - 'create long_form_registration registration other anonymous' - 'create long_form_registration registration other users' - 'create long_form_registration registration self' - 'create ped_registration registration other anonymous' - 'create ped_registration registration other users' - 'create ped_registration registration self' - 'edit any event content' - 'edit any page content' - 'manage advanced_registration registration' - 'manage basic_registration registration' - 'manage long_form_registration registration' - 'manage own advanced_registration registration' - 'manage own basic_registration registration' - 'manage own long_form_registration registration' - 'manage own ped_registration registration' - 'update own advanced_registration registration' - 'update own basic_registration registration' - 'update own long_form_registration registration' - 'view any advanced_registration registration' - 'view any basic_registration registration' - 'view any long_form_registration registration' - 'view any ped_registration registration' - 'view any registration' - 'view own advanced_registration registration' - 'view own basic_registration registration' - 'view own long_form_registration registration' - 'view own unpublished content' - πΊπΈUnited States john.oltman
However, users who should just be able to view the registrant list at /node/1234/ also have the option to 'Cancel'.
You must have the Registration Workflow submodule enabled and given "Use the Cancel transition" permission to the staff role. Remove that from staff and you should be set.
Also it seems difficult to give one user role the ability to edit registrations for the host entities they have edit access to without them also getting the edit registration ability to host entities where they should only have view permission.
The "Update host registrations" permission was designed for this. Try that one and it should be what you are looking for.
- πΊπΈUnited States todea
We are using that registration workflow. Can the "Use the Cancel transition" permission be scoped to only the entities the user has access too?
We're running an older version of booked in prod. We'll update to get that "Update host registrations" permission. Thanks
- πΊπΈUnited States john.oltman
Can the "Use the Cancel transition" permission be scoped to only the entities the user has access to?
Currently it is its own independent permission. It would be completely reasonable though for there to be an option (and perhaps even the default) that says the transitions also require update access to the registration - which I think would do what you need. If that sounds good, would you be able to create a new issue for that. Should be doable to work that into the next release.
- πΊπΈUnited States john.oltman
Thanks for opening that other issue @todea