Add permissions for how roles can interact

[chris-steele]

What happened?

Currently if a limited role is given access to user management it can delete accounts with super user rights. We need a way to control how a role can manage other roles.

Expected behaviour

No response

Steps to reproduce

See above

Authoring tool version

v1

Framework version

No response

What browsers are you seeing the problem on?

No response

Relevant log output

[chris-steele]

@taylortom is this something you can look into? Hopefully this module is the most appropriate place, but feel free to move the issue if not.

[chris-steele]

My first thought on this: can we keep it simple and use the extends property of roles to achieve this? A role that has the scope write:users can only mutate users of subordinate roles (i.e. those that it extends). For example, contentcreator extends authuser so the former can mutate the latter.

The above would of course limit the flexibility of roles and require a linear chain of command so to speak, so a more flexible approach could be for each role to have a list of role IDs for which it can mutate. For example, superuser would have the list [contentcreator, authuser].