How can I set the user's role upon registration? #7328

This discussion has been migrated from our Github Discussion #7328


EKarpinsky140d ago

I have 2 authenticated roles: Role A and Role B. How can I let the user choose which role he is and set it upon registration?

Thanks

Responses to the discussion on Github


EKarpinsky139d ago

Author

SOLVED: You have to change the register function that comes with Strapi, now located in the ‘node_modules’ directory. Create a new file “Auth.js” in /extensions/controllers (you will have to create the controllers directory as well). In that Auth.js file, copy paste the register function from ‘node_modules/strapi-plugin-users-permissions’, as well as the consts at the top such as lodash, and edit the role declaration into the following line:

const role = await strapi.query(‘role’, ‘users-permissions’).findOne({id: ctx.request.body.role.id}, []);

Quite the long approach, so hopefully Strapi will release an easier way of specifying role id on register, instead of just using the default one.


lauriejim139d ago

Maintainer

Thank you for this answer, got a lot of this question. We will probably have to reference that somewhere


EKarpinsky139d ago

Author

My pleasure! Was bugging me since yesterday and even Google had a tough one with this!


derrickmehaffy139d ago

Collaborator

Quite the long approach, so hopefully Strapi will release an easier way of specifying role id on register, instead of just using the default one.

Previously our stance on this has been it can be a security risk so we generally advise against allowing the user to pick their role. I know this isn’t always the case for all users but in the few that I have seen it would have been a pretty major security risk. My suggestion in the past was to register them under the default and then via either an automated review process or manual review to then reassign their role after that.

Either way thank you for the solution you found :slight_smile:


abbeyseto116d ago

Thanks, @EKarpinsky for this solution.

I really needed this feature and was happy this helped me.

Just a point to note, putting the logic in **/extensions/controllers/Auth.js**, the custom roles logic doesn’t work. The default logic from the node_modules was still called. To correct this i tried:

extensions\users-permissions\controllers\Auth.js

and this worked perfectly.

1 Like

This seems like a “wrong question” The roles are allowing the application to categorize users in the process of authentication - and allow / disallow authenticated users (a process called authorization) certain privileges. A trivial and often used example is the classification of users into three groups (bronze silver and gold) based on the subscription price. If the user is able to select his role, the classification becomes meaningless

@adriatic this discussion is quite old and predates our RBAC feature, the role the user is talking about is from the users-permissions plugin and doesn’t depend on any license.

I migrated it from GitHub Discussions as we are shutting our GitHub Discussions down this week.

Thanks for the explanation Derrick :smiley: