ismetacar / ertis-auth

Generic token generator and validator service like auth
MIT License

Reset User Password by Admin #5

Closed Rakkoc closed 3 years ago

Rakkoc commented 3 years ago

Hi Dears, I want to use the change-password API for other users as admin. But when I try it, the system returns the "User cannot change other users password" error (error code: errors.userCannotChangeOthersPassword). How do I enable it? Or can I?

Rakkoc commented 3 years ago

I solved my need with a little hardcoding, but quickly. Change if user_id != str(user['_id']) to if user_id != str(user['_id']) and str(user['role']) != "admin":

ismetacar commented 3 years ago

Hi @Rakkoc,

Thanks for your feedback. That is a really quick fix. :)

Actually, you wrote a hardcoded "admin", but there is no resource or property like 'admin' in Ertis Auth. Ertis Auth users can change the role name; that is just a name. Unfortunately we can't use an if "admin" condition.

Ertis Auth has roles, and we can manage all actions with role permissions. I first thought, can we solve this issue with permissions? Unfortunately we can't, because we are using the Apache Shiro approach for RBAC. So we can only manage resource actions with permissions.

Right now, we have a membership owner property for roles. The role model is shown below.

{
    "_id": "xxx",
    "name": "admin",
    "permissions": [
        "*"
    ],
    "slug": "admin",
    "membership_id": "xxx",
    "sys": {
        "created_at": "2021-03-02T16:07:07.758000Z",
        "created_by": "ertis_cli"
    },
    "membership_owner": true
}

The solution is: if a role has the membership owner property, users with this role can change other users' passwords with their own access token.

I hope this solution will fix your issue.

Cheers.
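The rule from this thread, written out as an added Python example (not ertis-auth's own code): the brittle role-name check from the first fix beside the membership_owner flag check the maintainer describes. The user and role shapes, the function names and the sample data are assumptions constructed for the illustration; only the error code and the membership_owner field come from the thread.

```python
# Added illustration of the membership_owner rule; not ertis-auth's own code.
# User/role shapes, function names and sample data are assumptions.
ERR_OTHERS_PASSWORD = "errors.userCannotChangeOthersPassword"

# Constructed sample roles. "admin" is only a label here, as the maintainer notes:
# any membership can rename it, so it carries no authority by itself.
ROLES = {
    "owner": {"name": "owner", "permissions": ["*"], "membership_owner": True},
    "admin": {"name": "admin", "permissions": ["*"], "membership_owner": False},
    "member": {"name": "member", "permissions": ["users.read"], "membership_owner": False},
}

# Constructed sample users keyed by _id.
USERS = {
    "u1": {"_id": "u1", "role": "owner"},
    "u2": {"_id": "u2", "role": "admin"},
    "u3": {"_id": "u3", "role": "member"},
}


class PasswordChangeDenied(Exception):
    def __init__(self, code):
        super().__init__(code)
        self.code = code


def hardcoded_role_check(actor, target_user_id):
    """The quick fix from the thread: trusts a role *name*, which is just a label."""
    return target_user_id == str(actor["_id"]) or str(actor["role"]) == "admin"


def can_change_password(actor, target_user_id, roles=ROLES):
    """Flag-based rule: self is always allowed; others only if the actor's role
    carries membership_owner. Unknown roles are denied."""
    if target_user_id == str(actor["_id"]):
        return True
    role = roles.get(actor["role"])
    if role is None:
        return False
    return bool(role.get("membership_owner", False))


def denied_code(actor, target_user_id, roles=ROLES):
    """Return the error code the API would answer with, or None when allowed."""
    if can_change_password(actor, target_user_id, roles):
        return None
    return ERR_OTHERS_PASSWORD
```

Note that a role named "admin" without the flag is accepted by the hardcoded check but rejected by the flag-based one, which is exactly the gap the maintainer points out.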