More User Roles restrictions

Hi, is there a way to specify the user roles a little bit more? i think an Editor and Reviewer should not only be able to delete or change the settings of the site and global admin or anything above them.
Also they should not be able to upgrade there own role from reviewer to global admin

Thanks. That sounds like we might have some of the permissions settings at not quite what we want (like upgrading oneself to global admin).

I think a module can tap into the ACL permissions, but that’s often tricky business.

We’ll look at the existing permissions first.

I can’t reproduce a reviewer being able to change their own role. What version of Omeka S are you using?

I’am running version 1.0.1

huh. Am I following right that when logged in as the reviewer, under that user’s page, you see the dropdown to change the role?

yes it’s still like described - it won’t be a problem to create you a login though that you can try it yourself.

That might be helpful for tracking this down, thanks.

ok, i add a new user (reviewer) with your mail

Thanks. checking it now.

Yep, on that install I was able to bump myself up to a Global Admin. But I can’t do that on my installations.

That makes me suspect an ACL change in one of the modules. GuestUser definitely works with ACL changes, so that’s my first guess. Maybe also EasyInstall, but I’m less confident in that one.

I’d try deactivating modules, starting with those, to see if reviewers can still bump themselves up.

Unfortunately, I can’t drop myself down from a Global Admin back to reviewer. That’s by design, so an installation won’t accidentally be left without a Global Admin. But, to check up on this, I think you should be able to drop me back down to Reviewer.

EasyInstall doesn’t use acl, it’s reserved to admin. GuestUser changes acl, but only for the guest users.

Ok, It was the guest plugin - after uninstalling it everything works fine.
Thanks for your help. jan