ucam-department-of-psychiatry / camcops

Cambridge Cognitive and Psychiatric Test Kit (CamCOPS)

Group administrator cannot manage users who are group administrators of other groups #258

Open martinburchell opened 1 year ago

martinburchell commented 1 year ago

Scenario:

RudolfCardinal commented 1 year ago

Yes. I think this is because I didn't want Alison to be able to change Barack's e-mail, must-change-password flag, etc. (Or to be able to remove Barack from group B, but I think that is handled because Alison can't change permissions for group B.) Maybe the problem is that group membership is in the same form as the basic user attributes? So we could just trust Alison with this, in which case it's probably pretty easy to fix, or split the two aspects and prevent Alison from removing Barack's group admin status from B. (But I think she can grant group admin rights to A, and therefore remove them.) Maybe I am worrying unnecessarily!
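The "split the two aspects" option from the comment above, sketched as an added example (not CamCOPS code and not part of the original thread): basic user attributes and per-group membership get separate permission checks. All class and function names are hypothetical, and the rule chosen for basic attributes is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Membership:
    groupadmin: bool = False

@dataclass
class User:
    username: str
    superuser: bool = False
    memberships: dict = field(default_factory=dict)  # group name -> Membership

    def administers(self, group: str) -> bool:
        m = self.memberships.get(group)
        return self.superuser or (m is not None and m.groupadmin)

def can_edit_basic_attributes(editor: User, target: User) -> bool:
    """E-mail, must-change-password flag, etc. (assumed rule): the editor must
    administer a group the target belongs to, and the target must not be a
    superuser or an administrator of any group outside the editor's control."""
    if editor.superuser:
        return True
    if target.superuser:
        return False
    shared = [g for g in target.memberships if editor.administers(g)]
    foreign_admin = [g for g, m in target.memberships.items()
                     if m.groupadmin and not editor.administers(g)]
    return bool(shared) and not foreign_admin

def set_membership(editor: User, target: User, group: str,
                   member: bool, groupadmin: bool = False) -> None:
    """Membership is authorized per group, independently of basic attributes."""
    if not editor.administers(group):
        raise PermissionError(f"{editor.username} does not administer {group}")
    if member:
        target.memberships[group] = Membership(groupadmin)
    else:
        target.memberships.pop(group, None)

def demo_users():
    # Constructed sample data mirroring the names used in the thread.
    alison = User("alison", memberships={"A": Membership(groupadmin=True)})
    barack = User("barack", memberships={"A": Membership(),
                                         "B": Membership(groupadmin=True)})
    carol = User("carol", memberships={"A": Membership()})
    return alison, barack, carol
```

With these checks Alison can add or remove Barack in group A, while his e-mail, password flags and everything about group B stay out of her reach.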

martinburchell commented 1 year ago

OK so not a trivial thing to change. This request hasn't come from a user, just an observation when setting up the CPFT ED Service.

Currently a group admin can't make a member of their group a group admin. We've captured this in #248.