Hi
I’m trying to create some Custom Conditions for Admin Users with lower permissions.
A user with the role “Admin” should be able to create new users and assign roles to them.
But i don’t want him to assign the “Super Admin” role to someone or himself. So I filter
this specific role out. Accourding to the Docs the condition shold look like this:
...,
{
displayName: 'Show Roles for Admin',
name: 'show-roles-for-admin',
plugin: 'admin',
handler () {
return { "name": { $ne: 'Super Admin' } }
}
},
...
This object is part of my conditions array, which gets registered in the bootstrap function:
async bootstrap({ strapi }) {
await strapi.admin.services.permission.conditionProvider.registerMany(conditions);
}
at ./src/index.js
In the Administration Panel I assign this condition to the “Admin” Role > Settings > Users and roles > Roles > Read
But logged in as a User with “Admin” role i’m still able to grant the Super Admin role to other users.
Other conditions, for content-types for example are working just fine!
Is this something that does not yet work, because of unstable state of the API or can someone spot the error?
Is an Update required? i’m still using v4.1.8
Thanks in advance for every help!
System Information
- Strapi Version: 4.1.8
- Operating System: Docker Container 123-Ubuntu
- Database: Postgres 14.2
- Node Version: 14.16.0
- NPM Version: 8.12.1