On 28 Jan 2006, at 3:21 PM, Sammy Spets wrote:
On 28-Jan-06 13:46, Karoly Negyesi wrote:
* Disabling changes to usernames and passwords of administrative users by users having administer users permission.
I smell hiearchical roles here. Some user ought to be able to change other users psswords... including admins... I guess at least.
Yes indeed some user must be able to change these attributes of _all_ users. Here is how I am planning on doing this to KISS and avoid using taxonomy or hierarchical roles in the short term.
Was planning to add a setting to the user setting page allowing the selection of a role (or none) where users are given the ability to modify usernames and passwords of every user in the system.
None: everyone with administer users permission can edit all users <role>: users with selected role are given the ability to edit all users. users with administer users permission can not change username and password of those with the selected role. You can do a function like :
function mymodule_form_alter($form_id, &$form) { if ($form_id == 'user_edit') { // might have to double check the form id if (/* check that the user is not allowed to edit things*/) { $form['name']['#type'] = 'value'; // whatever the password requires. might have to make it hidden } } return $form; } This will remove those fields from the form if the user isn't allowed to edit them. -- Adrian Rossouw Drupal developer and Bryght Guy http://drupal.org | http://bryght.com