FlexMeasures / flexmeasures

The intelligent & developer-friendly EMS to support real-time energy flexibility apps, rapidly and scalable.
https://flexmeasures.io
Apache License 2.0
148 stars 36 forks

BUG: Button "Deactivate user" leads to authorisation error #1185

Closed ArdJonker closed 3 weeks ago

ArdJonker commented 1 month ago

Button "Deactivate user" leads to authorisation error

Steps to reproduce

  1. Logged in as Ard-Read-Only
  2. Navigate to users through top menu
  3. Select user (e.g. Quik)
  4. Click Deactivate user button in top left.

Result

message "You cannot be authorized for this content or functionality. It requires admin permission(s)." result "Rejected" status "INVALID_SENDER"

Expected result

Or: Button not visible

Or: Deactivated user

Flix6x commented 1 month ago

This is a user in a consultancy account trying to deactivate a user in a consultee account, right? @nhoening any thoughts on whether or not this should be an allowed action?

nhoening commented 1 month ago

At this time,

So for now, deactivating the button if the current user is not account-admin, and we can open a discussion around allowing consultants to update, create children or delete

nhoening commented 3 weeks ago

To be more to the point: Ard-Read-Only can only read, not make changes.

We should hide the button if the user is not admin or account-admin.

That closes this issue.

joshuaunity commented 3 weeks ago

account-admin

As I work on this, I notice that the "account-admin" can't view the users page at all. If that's normal, then the condition on who gets to see this button should be only the "admin".