Edit User Profile: Role dropdown #3402
Comments
|
I'd love to take this over the weekend, been too long since I got to do some ghosting :) |
Merged
|
For editors, being able to assign the author role is as good as being unable to assign a role, no? |
|
Good point - probably doesn't make sense for editors to be able to see the role dropdown (on the edit-user screen) |
novaugust
added a commit
to novaugust/Ghost
that referenced
this issue
Jul 30, 2014
Closes TryGhost#3402, Closes TryGhost#3428 ------------------- ### Components - Added GhostSelectComponent to handle async select creation (h/t @rwjblue) - Added GhostRolesSelector (extends GhostSelect) for displaying user role options - Created StoreInjector for surgically inserting the store into things that normally wouldn't have them. ### Users Settings - InviteNewUserModal now uses GhostRolesSelector & defaults to Author - The role dropdown for user settings has permissions set per 3402 ### User Model - Added `role` property as an interface to getting and setting `roles` - Refactored anything that set `roles` to set `role` - isAdmin, isAuthor, isOwner and isEditor are all keyed off of `role` now ### Tests - Added functional tests for Settings.Users - updated settings.users and settings.users.user screens - fix spacing on screens ### Server Fixtures - Fixed owner fixture's roles
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the template for the user edit screen, there is a commented out role dropdown:
https://github.com/TryGhost/Ghost/blob/master/core/client/templates/settings/users/user.hbs#L67
We now have the Roles API browse endpoint for fetching the roles that the currently logged in user is allowed to assign (although it won't function 100% until #3395 is merged)
We also have the User API edit endpoint updated to expect to have to change a role, and to check permissions for what roles can be assigned.
Therefore, all the pieces should be in place to wire this up. The dropdown needs uncommenting, populating with a list, and hiding if the list is empty.
You can reference #3083 to see who should be allowed to assign a given role, but in short:
Update: This dropdown shouldn't appear when editing the current logged in user's profile, i.e. it shouldn't be possible to edit your own role as it's a pretty destructive action & too easy to do. Authors can't edit roles, owners can't relinquish their ownership without doing the explicit "Transfer ownership" action, so only admins and editors are affected, and they are only prevented from downgrading themselves which seems like a minimal use-case anyway.
The text was updated successfully, but these errors were encountered: