Closed JohnONolan closed 5 years ago
This is a different incarnation of the same issue that means it is pretty darn near impossible for us to make it so that authors cannot publish.
Administrators must not be allowed to change the role of an Owner.
A change is to a role is an "edit" action, we can either allow all edit actions or no edit actions.
Same with publishing a post, publishing is an edit to status, and we can either allow an author to edit everything or nothing.
We desperately need more fine-grained permissions. I would LOVE for someone to come along and see if they can even find a hacky workaround for this. I looked a couple of times and the level of hack grew beyond my tolerance each time.
Hi, I see no reason why Administrator should be able to edit Owner's profile so I would give it a low priority. However as @ErisDS mentioned more granular permissions are important to have for example equivalent of Wordpress "contributor" role.
As mentioned by @PaszaVonPomiot and @ErisDS more granular permissions would be really useful. We've been using Ghost for the last six months on one of our sites and we love it, but we are thinking we may have to switch back to WordPress to get a 'contributor' type role (e.g. someone who can write a post, but not publish). Are there any plans for this any time soon?
My last comment is the latest information there is. If you can PR it, we will merge it.
We now have support for attribute based permissions, so it should be possible to fix this. This issue needs a review, if it's now possible and straightforward to fix (i.e. will take < 1/2 day) we should fix it.
Else we should close due to lack of traction.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I am an administrator, Kevin is the owner, when I try to give Kevin a location for his public profile... I get access-denied.
The intended behaviour is that administrators should be able to edit all users. The only thing they can't do is delete the owner. I have no idea if this is a new issue or an old issue
Ghost 1.0 beta-1