The MU forums have moved to WordPress.org

Allow blogs admin to add user and set them roles (17 posts)

  1. jehanproc1
    Member
    Posted 15 years ago #

    hello,
    I'am in wordpress MU 2.7.1 and I cannot delagate blog admins to add and set users roles on their blogs :-( .
    My "site admin" adminstrator login allows me to add user in the site, then these user are added to sub-blogs, but administrator of these sub-blogs aren't allowed to switch users of their blog from one role to an other (ei: contributor -> author) . When this blog admin tries to edit a user, it receives:
    "You do not have permission to edit this user."
    How can I give those sub-blog admin more permission on managing their blog users .

    Thanks.

  2. john.waller
    Member
    Posted 15 years ago #

    I am having this exact same problem in that only the overall site admin is able to modify profile info.

    I'm on MU 2.6.5

    Thanks!

  3. carnini@nmhschool.org
    Member
    Posted 15 years ago #

    I am having the same issue.
    One of my site admins has access to two subdomain blogs.
    He can add users but when he clicks on edit profiles we gets a
    You do not have permission to edit this user

    I double checked and he is an admin.
    How do I go about fixing this?
    thanks

  4. DeannaS
    Member
    Posted 15 years ago #

    This is by design, I'm pretty sure. Blog admins can't edit users. You CAN assign roles using the drop down box above the list of users. Just check the box next to the user that you want to change roles for, then select the role in the drop down box and click "change."

  5. earthmanweb
    Member
    Posted 15 years ago #

    This seems rather disturbing, if what you say is true and it IS by design.

    I am running wpmu 2.8.4 and have a separate blog with an administrator user that needs to change the details on the subscriber users he just added (in his own blog). For example - let's say he made a mistake when signing the user up, he can't delete (so the username is gone for good) and he can't edit it to fix it...

    if he made a mistake on the username, he can't sign that same email address up again, until a global admin deletes the user.

    Making this admin user a global admin is not an option, neither is having him delegate all his user tasks to a global admin.

    this seems to be a major usability issue that should be addressed. Does anyone else agree?

  6. DeannaS
    Member
    Posted 15 years ago #

    You could probably write a plugin to override it. You'd need to look at the capabilities you want blog admins to have, and then add the capability to the role.

    See, the issue is that USERS are not blog-specific. Users are site-specific. So, a user may get added to your blog, but they are then available in the site for any blog. Would you like blog 1 admin to change blog 2 user's info? That's why editing a user is a site admin capability, not a blog admin capability. The only thing blog-specific about a user is their role in that blog, which you can edit.

  7. jehanproc
    Member
    Posted 14 years ago #

    I agree with your latest post, but the feature I was initialy looking for , is for a sub-blog admin to be able to browse the list of available users, so that he can add one easily to his blog. For now , only the site admin can add users to sub-blogs , and it's really a pain for him (me ;-) ) to do that when you think there is a potential of 3000 users and hundred of blogs !.

  8. kgraeme
    Member
    Posted 14 years ago #

    Blog admins CAN add users to sub-blogs (setting in Site Admin > Options > Add New Users). Only Site Admins can modify a user's profile.

    Do you people even TRY using wpmu before asking these questions?

  9. andrea_r
    Moderator
    Posted 14 years ago #

    I have often wondered the same.

    Then again, I've realized there are some kinds of people who need to be told of all the possibilities before they even look at anything or push a button. I just try to remember it's a different learning style before my head explodes. :D

  10. kgraeme
    Member
    Posted 14 years ago #

    "What's in the toybox? I don't want to open it until I know what's in it."

    Me? Just want to dive in and play! :D

  11. andrea_r
    Moderator
    Posted 14 years ago #

    Same here! Explore! Get messy! Break stuff and see what happens. :D

  12. jehanproc
    Member
    Posted 14 years ago #

    be sure that I spent lot of time trying to do what I asked for !
    Indeed "Blog admins CAN add users to sub-blogs" .
    My request is to enable blog admins to browse the list of already created users on the "site-admin/meta blog" (whatever you call it ...) instead of guessing their login or even worst, create a different account from the same person already logged-in the "site-admin" blog .

    in my wordpress-mu instance, I use CAS SSO plugin and now even shibboleth (http://wordpress.org/extend/plugins/shibboleth/) to enable login and role assignement at first login to the site-admin blog .

    Then, is this request now more serious ? or I missed something ?

  13. kgraeme
    Member
    Posted 14 years ago #

    1. That's an awesome plugin! Thanks for linking it. I wonder if it works with ADFS (the MS Active Directory version of what shibboleth does).

    2. (This part is premised on familiarity with the ldap plugin and reading the CAS/shibboleth plugin descriptions.) The problem with your goal is that wordpress doesn't actually know what users are in your shibboleth user directories UNTIL they've been added to a site. If it's like the LDAP plugin, when a blog admin types in the user's LDAP account name it queries the LDAP server to see if they exist, if so then it creates a matching entry in wordpress's database.

    So while it's entirely possible to write a plugin to change the Add User page to show the list of wordpress users to blog admins (pulling from the same list as the Site Admin > Users list), it wouldn't show users that are in your directory that haven't been added yet. It's a great idea for a plugin for MU installs only using the local wordpress accounts, but for LDAP/CAS/Shibboleth setups it's a UI catch-22. The user has to be added to display their account name, but without knowing their account name they can't be added.

    The only way out of this conundrum would be for the CAS/shibboleth plugin to be able to actually provide a way to do a search for users in the user directories (not wordpress DB) and display a list of matches for the blog admin to select from.

    Two good plugin ideas!

  14. jehanproc
    Member
    Posted 14 years ago #

    1)Shibboleth plugin is an essential functionality for us, has it allows people from other institution to connected based on their home institution credentials, I don't think it's directly compatible with ADFS, but as both solution speak SAML, I understood that there are potential compatibilities .

    2) indeed that would be great to be able to browse ldap or whatever directory to list potential users .
    I'am not at that point right now, I just want the sub-blog admin to list the already available user list from peaople already connected to wordpress, as you state it "(pulling from the same list as the Site Admin > Users list)" . Is this possible or a plugin needs to be writen ?

  15. miklb
    Member
    Posted 14 years ago #

    OK, this is confusing. I just tested in 2.8.5.2, and a blog admin "sees" an edit link for a user, but clicking it gives a "You do not have permission to edit this user." page, but the blog admin can delete the user. Is this a bug?

    In this scenario, I created a test user with the role of "editor" with a blog admin, not site admin.

  16. phoque
    Member
    Posted 14 years ago #

    I am having the same problem. I would like to restrict blog admins to adding users from the "root" blog (as all shibboleth users are being added to it by default). Has anyone found a solution to this?

  17. kengary
    Member
    Posted 14 years ago #

    This seems to still be a problem...or at least a confusing situation.

About this Topic

  • Started 15 years ago by jehanproc1
  • Latest reply from kengary