It is reasonable to only allow higher level permissions to edit the accounts of
lower permission level users. However, at the top Level role permission (ie
ADMIN), it is important to be able to edit the permission level for anyone in
the portal, including others with ADMIN permission.
We have discovered that you can set any number of portal users to have
ROLE_ADMIN, but if you want to remove that permission from some users, you
can't. This is very problematic.
There must of course always be at least one portal user with the ROLE_ADMIN
permission. This may be achieved by disallowing any user to edit their own
permission level (not necessarily the ideal method), or by performing a test on
save to ensure that there is at least one ROLE_ADMIN for the portal.
Original issue reported on code.google.com by CoolDa...@gmail.com on 19 Jul 2012 at 12:41
Original issue reported on code.google.com by
CoolDa...@gmail.com
on 19 Jul 2012 at 12:41