members icon indicating copy to clipboard operation
members copied to clipboard

Published 20 hours ago verified publisher icon symphonycms

Authors can edit Member Role permissions

Open michael-e opened this issue 9 years ago • 7 comments

Backend authors are able to edit Member Role permissions. This feels like a bug to me. Or is this intended?

michael-e avatar May 22 '15 13:05 michael-e

This feels like a bug to me.

Me too. Only Managers should be able to do it.

nitriques avatar May 22 '15 15:05 nitriques

Shall we simply move it to blueprints to fix this or rather hide it like the CSV extension does?

public function fetchNavigation()
{
    // Author: Use the accessor function if available (Symphony 2.5)
    if (is_callable(array('Symphony', 'Author'))) {
        $author = Symphony::Author();
    } else {
        $author = Administration::instance()->Author;
    }

    if ($author->isDeveloper()) {
        return array(
            array(
                'location'	=> __('System'),
                'name'		=> __('Import / Export CSV'),
                'link'		=> '/'
            )
        );
    }
}

animaux avatar Nov 23 '17 10:11 animaux

Blueprints is not the right place. We should hide it and programatically prevent using it (by checking the author role).

michael-e avatar Nov 23 '17 10:11 michael-e

I moved it to Blueprints as a quick workaround and it feels quite natural to have it there. :)

But you are probably right.

animaux avatar Nov 23 '17 10:11 animaux

@animaux Can you send a PR please ? So we can discuss it better ? Thanks.

nitriques avatar Nov 24 '17 20:11 nitriques

I don’t have the extension-knowledge to do that the way @michael-e suggests. Would have to copy code from other extensions which might not be the best way to do it. Maybe someone with more expertise can take over?

animaux avatar Nov 27 '17 07:11 animaux

Ok

nitriques avatar Dec 04 '17 23:12 nitriques