From #734128: Modify user roles

Hi,
Thank you very much for the module.

Is it possible that the operation "Modify user roles" in Views Bulk Operations (VBO) on a users view is not checking permissions to give roles, or bypass the module RoleAssign?
What I use:
Views Bulk Operations (VBO) 6.x-1.9
RoleAssign 6.x-1.0-beta3

I want to create a VBO to modify roles, by users that do not have full permissions to give all roles, like mid-admin on the site, using RoleAssign. Actually anyone who has access to the VBO can give and remove any roles to any user.

We would like RoleAssign to exposes an action that can be picked up by VBO.

Comments

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented

Me too - on the thanks for a great module and the request for the tie-up with VBO.

j0nathan’s picture

j0nathan CreditAttribution: j0nathan commented

Hi mclsm,
I do not need this feature anymore. Do you still need this feature? If so I'll leave the issue opened, if not I'll close it.

j0nathan’s picture

j0nathan CreditAttribution: j0nathan commented
Status: Active » Closed (won't fix)
jordan8037310’s picture

jordan8037310 CreditAttribution: jordan8037310 commented
Status: Closed (won't fix) » Active

Hello,

I'm interested in the development of this feature. Was there ever anything done here? Obviously the comments would lead me to believe that there wasn't but I'm hoping someone figured out how to have Mid-Level admins only capable of promoting specific roles.

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented
Version: 6.x-1.0-beta3 » 7.x-1.x-dev

No, nothing has been done, but it's certainly a very desirable feature.

However, it will need to go to the D7 version first.

jordan8037310’s picture

jordan8037310 CreditAttribution: jordan8037310 commented

Thanks salvis.

I actually used Role Delegation in order to implement User Role Promotion permissions for the mid-level administrators that were needed.

Appropriately setting the permissions effectively filtered the list of options that were available through Views Bulk Options -> Modify User Role.

Thanks again for getting back to me!

Cheers,
JR

JKingsnorth’s picture

JKingsnorth CreditAttribution: JKingsnorth commented
Issue summary: View changes

Ooh, we came across this just now. Effectively it allows users to 'bypass' the role assign settings when using VBO which isn't very desireable.

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented

With the actions_permissions module you can withhold the views_bulk_operations_user_roles_actions permission.

VBO for D7 uses core's user_roles() to retrieve the list of roles. I would try to define hook_user_roles_action_form_alter() and pass the roles arrays through _roleassign_assignable_roles().

However, D8 will have to go first, once VBO for D8 is available for testing.