Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit "permission level" when creating a new role as a Journal Manager #10180

Closed
asmecher opened this issue Jul 9, 2024 · 1 comment
Closed

Limit "permission level" when creating a new role as a Journal Manager #10180

asmecher opened this issue Jul 9, 2024 · 1 comment
Assignees
@asmecher
Milestone
3.3.0-18

Comments

@asmecher
Copy link
Member

asmecher commented Jul 9, 2024

Currently Journal Managers, when creating a role, can specify any Permission Level. They should not be able to create Site Administrator roles.
@asmecher asmecher added this to the 3.3.0-18 milestone Jul 9, 2024
@asmecher asmecher self-assigned this Jul 9, 2024
asmecher added a commit that referenced this issue Jul 9, 2024
@asmecher
#10180 Restrict permission levels for JMs creating roles
7ffd51c
asmecher added a commit that referenced this issue Jul 9, 2024
@asmecher
#10180 Restrict permission levels for JMs creating roles (stable-3_4_0)
260258f
asmecher added a commit that referenced this issue Jul 9, 2024
@asmecher
#10180 Restrict permission levels for JMs creating roles (main)
ce0f337
@asmecher asmecher closed this as completed Jul 9, 2024
@asmecher
Copy link
Member Author

asmecher commented Jul 9, 2024

(This will cause an administration menu to appear, but it cannot be used, as permission checks ensure that only site admin roles with context_id of 0 are permitted.)

@asmecher asmecher mentioned this issue Jul 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@asmecher asmecher

Labels
None yet
Projects
None yet
Milestone
3.3.0-18
Development

No branches or pull requests
1 participant
@asmecher