Open-event-server: User with organizer or coorganizer role can delete other roles too

Created on 7 Jul 2019  路  2Comments  路  Source: fossasia/open-event-server

Describe the bug

Currently, a user with coorganizer access to an event can delete other organizers/coorganizers/owners too. But the user should be allowed to delete users with roles smaller than the user itself.

Expected behavior

User should be able to delete another user (having a role in the event), only if the user

Additional context

On it

bug weekly-testing
Source
picture shreyanshdwivedi

Most helpful comment

But the user should be allowed to delete users with roles smaller than the user itself.

In my opinion, either only owner should have the access to create/delete roles or only owner and organizers should have that access, with organizers being allowed to create/delete roles except that of owner.

picture ShridharGoel on 8 Jul 2019
👍2

All 2 comments

But the user should be allowed to delete users with roles smaller than the user itself.

In my opinion, either only owner should have the access to create/delete roles or only owner and organizers should have that access, with organizers being allowed to create/delete roles except that of owner.

ShridharGoel picture ShridharGoel on 8 Jul 2019
👍2

So, only users with organizer access can create role-invites. The only problem lies with the delete function. Creating a PR for it

shreyanshdwivedi picture shreyanshdwivedi on 14 Jul 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

shubham-padia picture shubham-padia  路  4Comments
rafalkowalski picture rafalkowalski  路  3Comments
SaptakS picture SaptakS  路  3Comments
dr0pdb picture dr0pdb  路  4Comments
aditya1702 picture aditya1702  路  4Comments