OrchardCore icon indicating copy to clipboard operation
OrchardCore copied to clipboard
verified publisher icon OrchardCMS

Expand the User management permission to allow for Edit,Delete or view only scenarios

Open MikeAlhayek opened this issue 3 years ago • 4 comments

Is your feature request related to a problem? Please describe.

I have a need where some users need to be able to view and edit other users but not to be able to delete users. Currently, ManageUser permission is all that we have around editing/deleting users which is limiting the ability to grant the users the needed permissions.

Describe the solution you'd like

I think we should add

  1. EditUsers: allows the user to edit other users
  2. DeleteUsers: allows the user to delete other users

Now, a user with EditUsers permission would be able to add users or edit any users. The existing ManageOwnUserInformation would only allow the user to edit their own profile. Also, any user with ManageUsers would be able to also edit, delete to prevent breaking existing permission.

Now, this would give us more flexibility/control over the secured user UI.

MikeAlhayek avatar May 24 '22 23:05 MikeAlhayek

This need us to do something similar in all the permissions that state "Manage", which will increase the number of permissions. Why not add this as a custom permission?

hishamco avatar May 25 '22 04:05 hishamco

@hishamco i am not sure that I follow. Using Manage permission is just not flexible enough to cover multiple use cases. I don’t know what/how would one create a custom permission to allow one to edit and/delete a user

MikeAlhayek avatar May 25 '22 05:05 MikeAlhayek

@CrestApps I can see that you are pushing a lot of Pull Requests recently. Maybe you should join meetings and share with us your requests so that we can provide guidance. Sometimes asking questions can save a lot of time. I'm not saying this for this issue/pull request specifically, I'm just saying because we need to also define if these requests will make it into the source code. Sometimes, you can also create your own overrides for your specific needs. We will need to review all your pull requests after we release 1.4.

Skrypt avatar May 25 '22 06:05 Skrypt

Here is a list of the roles that were added.

  • List users in role - {0}
  • Edit users in role - {0}
  • Delete users in role - {0}
  • Assign users to {0} role
  • Manage user profile settings

Also, a new settings that allows the user to enable/disable username and/or email change in the users UI.

MikeAlhayek avatar Sep 14 '22 21:09 MikeAlhayek