This repository has been archived by the owner on Feb 12, 2018. It is now read-only.
restricting roles using "Allowed Roles" does not stop user from deleting other user from ALL roles #32
Labels
Milestone
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
anyone who has access to the "Roles" tab in the module for any Role can remove another user from ANY role, not just the ones selected via "Allowed Roles". This includes removing them even from the "Administrator" role.
The text was updated successfully, but these errors were encountered: