User Permission to change permission should be more strict

GTakacs Joined: 2005-12-10 Posts: 9	Posted: Thu, 2005-12-15 05:36
	I want to have a user his own album on my site and I want to give this user priviledge as to set what other users should be able to view his albums. But I don't want him to delete his root album ever. So I gave him access to change permissions on the album and blocked his access to delete album. Unfortunately now with the ability to set permissions, the user can go and add the delete permission for himself and he can delete his own root album. I think a user who has permission to change permissions should not be allowed to give more permissions than he himself has and he should not be able to remove his own permissions either. But that is just my thought..... I just don't want users giving everyone full access to their album or accidentally delete their own root album. I'm running 2.0.2 daily build from 12/12/05
	XUser login Username: * Password: * Create new account Request new password
valiant Joined: 2003-01-04 Posts: 32509	Posted: Thu, 2005-12-15 05:45
	of course, that would be nice. in oracle (database), you can define for each permission if the user should have grant permission for this permission himself. e.g. permission: add item: yes/no, with grant permission (is allowed to give this permission to other groups/users) yes/no. please file a feature request at http://sf.net/projects/gallery/ -> RFE

XUser login