I want to control what users are able to do. For example, prevent access to the CP when the system is off.
How can I prevent users for assigning extra permissions but still allow them to assign users to User Groups?
At present, it would appear that anyone able to assign User Groups is also able to assign whatever permissions they want.
I’ve built a plugin to allow control over what user groups can allocate permissions.
At the moment, you can't separate those two permissions issues. However, feel free to put in a feature request to support@buildwithcraft.com or the Google+ community.
As a workaround, here's what I have done... You can automatically assign a user to a group upon registration.
Change the permissions of your main user group to lock them out of all "Users" management permissions. Add a business logic plugin to your site (if you don't have one already).
Put this into the init method of your plugin's main class...
public function init() {
parent::init();
craft()->on('users.saveUser', function(Event $event) {
$targetGroupId = 1;
// If new user
if ($event->params['isNewUser']) {
// If "groups" is in POST
if (isset($_POST['groups'])) {
// If not an array, it's an empty string
if (!is_array($_POST['groups'])) {
// Set it to an array with the user group ID
$_POST['groups'] = array($targetGroupId);
} else {
// Merge in the user group ID with any existing ones.
$_POST['groups'] = array_merge($_POST['groups'], array($targetGroupId));
}
}
}
});
}
