Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Editors get an error when creating users #1856

Closed
allanaaa opened this issue Jun 15, 2022 · 5 comments
Closed

Editors get an error when creating users #1856

allanaaa opened this issue Jun 15, 2022 · 5 comments

Comments

@allanaaa
Copy link

Came up while doing #127.

Supervisors work as described.

Editors, who are supposed to be able to create users as per the manual, can click the "Add new user" button. But upon submission I get a "Forbidden" page.

So, either editors are supposed to be able to create users (if so - at what level(s)?), or editors shouldn't see the "Add new user" button, and I'll update the manual accordingly.

The add-user form doesn't have a role dropdown, so I'm not sure what the default role would be, were this to work. I am not sure if there is a good reason why an editor doesn't see the same add-user form as a supervisor (missing are the role dropdown, and the "is active" checkbox).
@zerocrates
Copy link
Member

I'll try to run this down.

They're not seeing the "role" dropdown because "change role" is a separate permission that they don't have.

I'm thinking the reality here is that they've really never been able to do it, despite the manual and permissions being a little confused on the fact.

@zerocrates
Copy link
Member

Basically the situation is that Editors have never actually had the underlying permission needed to create users, though they do have the permission to see the add user page and therefore the button.

My preference for fixing this would be to revoke that "page" permission and correct the documentation to match.

@sharonmleon
Copy link
Member

I'd also rather that they do not see the page, rather than have the permission.

@allanaaa
Copy link
Author

Great.

So, as far as discussion over the last few days/weeks, Supervisors are now

  • Can create users at lower levels (editor, researcher, author, or reviewer). Cannot create other Supervisors or Global Admins.

as per omeka/omeka-s-enduser/issues/127 .

Editors are now

  • Can see other users of the installation and their email addresses, but not add users.

and lower level user roles are

  • Can see other users of the installation and their email addresses.

which may or may not change if we do something re: #1855.

@zerocrates
Copy link
Member

I think that all sounds correct.

zerocrates added a commit that referenced this issue Jun 30, 2022
@zerocrates
Clarify editor permissions
f640a42 
Revoke misleading user create/batch privileges.

(fix #1856)

(cherry picked from commit 71c2d6c)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zerocrates @sharonmleon @allanaaa