members
members copied to clipboard
Authors can edit Member Role permissions
Backend authors are able to edit Member Role permissions. This feels like a bug to me. Or is this intended?
This feels like a bug to me.
Me too. Only Managers should be able to do it.
Shall we simply move it to blueprints
to fix this or rather hide it like the CSV extension does?
public function fetchNavigation()
{
// Author: Use the accessor function if available (Symphony 2.5)
if (is_callable(array('Symphony', 'Author'))) {
$author = Symphony::Author();
} else {
$author = Administration::instance()->Author;
}
if ($author->isDeveloper()) {
return array(
array(
'location' => __('System'),
'name' => __('Import / Export CSV'),
'link' => '/'
)
);
}
}
Blueprints
is not the right place. We should hide it and programatically prevent using it (by checking the author role).
I moved it to Blueprints
as a quick workaround and it feels quite natural to have it there. :)
But you are probably right.
@animaux Can you send a PR please ? So we can discuss it better ? Thanks.
I don’t have the extension-knowledge to do that the way @michael-e suggests. Would have to copy code from other extensions which might not be the best way to do it. Maybe someone with more expertise can take over?
Ok