Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users should only be able to delete roles they have the permissions of #18

Open
towerofnix opened this issue May 26, 2018 · 0 comments
Open

Users should only be able to delete roles they have the permissions of #18

towerofnix opened this issue May 26, 2018 · 0 comments
Labels
proposal

Comments

@towerofnix
Copy link
Member

Presently we prevent a user (with manageRoles) from creating roles that contain permissions they don't have, and from updating roles so that they contain roles the user doesn't have. We don't specify which roles a user can delete, though. Presently anyone with manageRoles can delete any role; this is definitely not wanted. A simple proposal - users (with manageRoles) should be able to delete only roles that specify (as true or false) no permissions they do not have.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@towerofnix