search

getkirby / kirby

Kirby's core application folder
https://getkirby.com
Other
1.31k stars 168 forks source link

user permissions: changeRole has no effect #5146

Closed jaro-io closed 1 week ago

jaro-io commented 1 year ago

hey there lovely kirby team 🌻 i am struggling with two things related to user permissions. i don’t know if they are related. this is the other issue. feel free to merge if needed.

description

i would like to control what roles users with a certain role are allowed to change. for example a manager should be able to change roles for other users. but an assistant shouldn’t be able to do that. when i set the changeRole permissions to true or false in my user blueprints it doesn’t seem to have any effect.

also it seems like there is a difference between this doc and this doc. in the first one it seems like changeRole is only available for user, not users. in the second one it seems like it’s available for both.

Screenshot 2023-04-13 at 18 40 22 Screenshot 2023-04-13 at 18 38 58

to reproduce

start with a clean starterkit. add a new user blueprint with the following permissions.

permissions:
    user:
        delete: false # works, this user can’t delete itself
        changeRole: true # doesn’t work, this user can’t change its role
    users:
        changeRole: true # doesn’t work, this user can’t change other user’s roles
Screenshot 2023-04-13 at 18 27 13

your setup

kirby 3.9.3

thank you for your help! 🤍 ✨

afbora commented 1 year ago

I've wrote a comment about that https://github.com/getkirby/kirby/issues/5147#issuecomment-1507596058