Open martinburchell opened 1 year ago
Yes. I think this is because I didn't want Alison to be able to change Barack's e-mail, must-change-password flag, etc. (Or to be able to remove Barack from group B, but I think that is handled because Alison can't change permissions for group B.) Maybe the problem is that group membership is in the same form as the basic user attributes? So we could just trust Alison with this, in which case it's probably pretty easy to fix, or split the two aspects and prevent Alison from removing Barack's group admin status from B. (But I think she can grant group admin rights to A, and therefore remove them.) Maybe I am worrying unnecessarily!
OK so not a trivial thing to change. This request hasn't come from a user, just an observation when setting up the CPFT ED Service.
Currently a group admin can't make a member of their group a group admin. We've captured this in #248
Scenario: