Hello I notice that would be nice another permission to control who can grant permissions to another users.

For example if you have an user manager and the same can't grant permission to another users in their account's edit form.

CommentFileSizeAuthor
tac_lite-edit_user_permissions.patch800 bytesRAFA3L
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Dave Cohen’s picture

Status: Active » Postponed (maintainer needs more info)

I'm not sure what your trying to do. Are you concerned that users with "administer users" should not be able to grant terms to users? Or, are you concerned that a user without "administer users" should be able to grant terms?

I'm not sure a user without "administer users" would even reach the user/edit pages. And I'm not convinced there's a need for a new permission here.

RAFA3L’s picture

Yes, "administer users" can edit any user Account, even the Taxonomy Access. And I would like an user administrator without this permission. For example...

I'm the main Administrator of one site and I can edit any user Account and his Taxonomy Access.

But I have another Admin user (and role Admin) who can edit users too. I would like to limit this Admin and grant him access only for the Account options without permission to edit the taxonomy access of all another users.

Dave Cohen’s picture

Am I correct that the admin you're talking about can change a user's roles? If so, they could grant whatever access they want to any user.

If that's true, you're not making the system any safer with this new permission. I wonder if a custom menu alter is more appropriate for this.

rcodina’s picture

Status: Postponed (maintainer needs more info) » Needs review

@Dave Cohen Ok, here is a use case when a user without "administer users" permission should see "Access by taxonomy" page created by tac_lite module.

I use both RoleAssign and Administer Users By Role to allow users of a particular role to create users and assign roles. I use this both modules because I don't want this role to have the same superpower as admin role with "administer users". For example, I only allow this role to assign/unassign particular roles.

Once said that, I agree with @RAFA3L patch.

rcodina’s picture

Status: Needs review » Reviewed & tested by the community

Patch of @RAFA3L works for me!