Solved
Let user without permission add a role
Hi everyone, I'm looking to let certain super users add a specific role to any user. Obviously I don't want to give them the full permission to change roles, so I was wondering if anyone has a code ...
Forum Discussion
I don't have any specific examples, but you should be able to achieve it using a combination of a custom component and custom endpoint:
- Create a custom endpoint that takes the login of the user to grant the new role to. It checks the current user is a superuser, and if they are adds the role to the specified user using a restadmin call (which will call the API as an admin).
- Create a custom component, which is only displayed to the appropriate users, that calls the custom endpoint. You will need to have a way for the super user to specify the username to grant the role to.
You'll need a concrete way of identifying superusers - presumeably based on a certain role. You'll also need to think of where to put the custom component (maybe a custom page).
The approach suggested by nathan seems solid. You may also want to either hardcode the role to grant (in the endpoint), or if it is passed as a parameter, that the parameter is checked against a whitelist of roles that the superusers are supposed to be able of granting (just to avoid someone exploiting the endpoint to add arbitrary roles)
Thanks guys, I think I understand the principle of how it's supposed to work now. The only way to elevate a user's permission is to use Freemarker to do a restadmin call/post, and that needs to be done with the help of a endpoint. My problem is having an actual example. Without a working example of a component and a endpoint I'm lost.
