Role Assign by Role
| Project: | RoleAssign |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Lovely module, thanks!
Rather than just selecting which roles can be assigned, it would be nice to also be able to select what "additional" roles a given user must have in order to assign a certain set of roles.
For example, I might have two departments (say marketing and finance), and what to create 2 different user administrators who can assign roles but only for their given department. The finance user administrator should be able to assign the finance-user, finance-editor, and finance-moderator roles while the marketing user administrator should be able to assign the marketing-user, marketing-editor, and marketing-moderator roles.
This would allow this module to provide more fine-grained control, especially in a larger, decentralised setting.
Cheers!
#1
Good idea. Right now I haven't time to implement it. But I leave this request open for future consideration.
#2
Yes, I anticipate needing to allow three different roles to each assign roles to others, but they are meant to work in a kind of hierarchy.
So, admin1 can assign any role, admin2 can assign any but admin1, and admin3 can assign any but admin1 or admin3.
Any thoughts on how to accomplish this? I'd be happy to help, if you could point me in the right direction.
#3
I plan to look inti this next week. So stay tuned. :-)
#4
I plan to look into this next week. So stay tuned. :-)
#5
I am looking forward to this feature...are there any updates on it?
#6
I agree. We could definitely use this as well.
#7
This is exactly what I'm looking for as well. Specifically, I have two departments, and I want one department head ("advertising_manager" role) to only be able to manage users in the "advertising" role (advertisers), and the other department head ("reporter_manager" role) to only be able to manage users in the "reporter" role (reporters). It seems like such a comment situation, I'm surprised I still haven't found a Drupal module that can provide this...
#8
I think the ultimate solution to this issue would be to store these assignments in tables and have a more complicated interface, something along the lines of what taxonomy_access uses.
I was, however, able to meet my needs by adding one more level of access I called the 'admin set', and by adding a capability I called 'bequeath'. The idea behind 'bequeath' is that there are some roles I want users with role assign privileges to be able to bestow onto other users. By making the role capable of being bequeathed, I avoid needing to set up a rule in a different interface for each such rule.
To be able to make all of this work, I just needed to make two changes. First, I added some permissions:
function roleassign_perm() {return array('assign roles','access admin set','in admin set','bequeath');
}
Next, I needed to expand the function that determines the assignable roles:
function _roleassign_assignable_roles($roles) {
global $user;
$assignable = array_filter(variable_get('roleassign_roles', array()));
if (user_access('access admin set')) {
$admin_set = user_roles(true, 'in admin set');
foreach ($admin_set as $as_key => $as_val) {
if (!array_key_exists($as_key, $assignable)) {
$assignable[$as_key] = $as_vel;
}
}
}
$bequeath_set = user_roles(true, 'bequeath');
if ($bequeath_set) {
$add_roles = array_intersect_key($bequeath_set, $user->roles);
foreach ($add_roles as $ar_key => $ar_val) {
if (!array_key_exists($ar_key, $assignable)) {
$assignable[$ar_key] = $ar_vel;
}
}
}
return array_intersect_key($roles, $assignable);
}
Now, in the access control screen, I can assign roles to the admin set and determine which roles can access it, as well as which roles can be bequeathed.
#9
I've created the module Role Delegation to solve this problem. I have submitted a new module rather than a patch because it works quite differently from RoleAssign and would have amounted to a complete rewrite of the module. Feedback is welcome. ;-)
#10
I found one thing strange about this role assgning modules and that is it always needs to enable "administer access control" permission which basically means used that have this have still permission to everything because he can change passwords for every user including main admin and then simply log as that main admin with all rights.
If I'm missunderstanding something please correct me.
#11
I would really love to see this too, as it would give a lot more flexibility. When I was looking into implementing this functionality, that's what I had envisaged, but the current RoleAssign module came close enough to our needs that we went with that for now anyway.
#12
I would very much like this functionality... ++++ 1 please
Richard