-
-
Notifications
You must be signed in to change notification settings - Fork 477
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Split out permissions for assigning roles/groups and editing them #6614
Split out permissions for assigning roles/groups and editing them #6614
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When editing a group, we should give the "roles" field the same treatment. At the moment it doesn't. You should only be able to assign the roles to the group if you have the assign_roles permission.
Yeah that makes sense, however the approach we'd take now would need to change if/once #6506 merges (you could use ensureFields on the blueprint at that point). So happy to work on it now, but just highlighting it would need be changed later... what do you think? |
It would need to be updated in both places either way. Let's make the change here, and we can add a note in the other PR to update it. |
@jasonvarga What about this ? |
Just checking in to see if this change is sufficient, or if you need more? |
Just expressing my gratitude here for this PR! No more creating users for clients in the near future! |
Thumbs up for this. |
|
Alrighty, I made some additions here:
Thanks for this PR, sorry about the delay. |
Thanks for the changes and cleanup! |
Thanks you both! |
This is great! Thanks! 🙏 |
This PR adds new permissions for assigning roles and groups, seperate from editing them. This allows you to have users that can modify other users groups and roles, but not be able to change the groups or roles themselves.
As editing groups/roles is not dependent on viewing users, I moved it out of the view users permissions block.
I also added an update script so any roles that could previously edit roles/groups can now also assign them.
Fixes: statamic/ideas#474