Open Breezelaters opened 2 days ago
👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.
Is your feature request related to a problem? Please describe.
This sort of falls under an escalation of privilege bug, but I'm entering it as a feature request. A user that has read only privileges to almost everything has been given user create privileges. That user is now able to create users that have vastly higher permissions than they have. While they can't create a superadmin or admin accounts, they are able to give themselves or others create/delete permissions. The use case for this is providing a client the ability to create users to check assets out to staff in their own company without having me, as the superadmin, to create users for them.
Describe the solution you'd like
When allowing an authorized user to create additional accounts, only allow them to select permissions that are equal to or lower than their own permissions. Alternatively, force them to select a pre-defined group that have read only permissions or force the account they create to not have login privileges to Snipe.
Describe alternatives you've considered
No response
Additional context
No response