More Robust Role Assignment #108

YashoSharma · 2017-03-03T05:19:11Z

Currently there is no endpoint to allow users to assign other users roles, we want to eliminate manual role assignment by creating an endpoint which:

Allows any NON_PROFESSIONAL or above user to modify the roles of other users
A user should only be able to assign or remove a role equivalent to their role or below
-e.g. A VOLUNTEER should not be able to assign a SUPERUSER role to a user
Users should not be allowed to modify the roles of users who have a role higher than their own
Users should not be allowed to assign staff roles to attendees, or mentors
Users cannot use this functionality if they are using the user impersonation utility
Users can't modify their own roles

The text was updated successfully, but these errors were encountered:

YashoSharma added application discussion feature security labels Mar 3, 2017

YashoSharma assigned ajohri Aug 18, 2017

YashoSharma removed the discussion label Sep 5, 2017

shreychowdhary assigned shreychowdhary and unassigned ajohri Nov 1, 2017

shreychowdhary mentioned this issue Nov 26, 2017

Role assignment #169

Open

7 tasks

Provide feedback