[development] Hello from another developer/Want to add some features

Sammy Spets sammys-drupal at synerger.com
Mon Jan 30 03:13:58 UTC 2006


On 28-Jan-06 15:29, Rob Thorne wrote:
> A simple solution to this would have "levels" of roles -- a simple 
> weight number.  The rule is:  you cannot assign a role to another user 
> that has a lower weight than the most privileged role that is assigned 
> to you.  This would allow a simple way to partition the administration 
> of users into sub-administrators, and is easier to create admin UI for 
> than a hierarchy (take a look at og_hierarchy if you want to see how 
> nasty that kind of UI can get).
> 
> This is a simple work around a serious problem (IMHO) with the Drupal 
> user model:  it's currently possible for any user with "administer 
> users" privileges to effectively elevate his/her privilege level.
> 
> Am I missing something, and there's some other way to prevents this?

This is definitely a simple solution to my problem. Overall however, I
think the model you've suggested will have to look out for the cases
presented in multi-site setups as well as Drupal network.

-- 
Sammy Spets
Synerger Pty Ltd
http://www.synerger.com/


More information about the development mailing list