Editors should not be able to promote other users to Admin role

  • Resolved InHouse

    (@inhouse)


    6 years, 1 month ago

    I need to allow the Editor role to add/edit/delete users. When I do this the Editor can promote other users to the Admin role. How is it that an Editor can promote users to a role higher than their own? How do I prevent this? Editors should only be able to promote to the Editor level and no higher. Thanks for any help!

Viewing 1 replies (of 1 total)
  • Plugin Author Kevin Behrens

    (@kevinb)

    6 years ago

    This would have been possible only if the Administrator role definition was saved in a way that set (or stripped) its role level to a value less than or equal to that of the Editor role.

    I just published Capability Manager Enhanced 1.5.8 with a new safeguard against accidental clearing of this level. For the purpose of role assignment validation, if the Administrator has a zero level, it will be implicitly treated as level 10.

Viewing 1 replies (of 1 total)
  • The topic ‘Editors should not be able to promote other users to Admin role’ is closed to new replies.