PlausibleWeb.Site.MembershipController (Plausible v0.0.1)

This controller deals with user management via the UI in Site Settings -> People. It's important to enforce permissions in this controller.

Owner - Can manage users, can trigger a 'transfer ownership' request
Admin - Can manage users
Viewer - Can not access user management settings
Anyone - Can accept invitations

Everything else should be explicitly disallowed.

Functions

invite_member(conn, map)

invite_member_form(conn, params)

remove_member(conn, map)

transfer_ownership(conn, map)

transfer_ownership_form(conn, params)

Updates the role of a user. The user being updated could be the same or different from the user taking the action. When updating the role, it's important to enforce permissions:

Owner - Can update anyone's role except for themselves. If they want to change their own role, they have to use the 'transfer ownership' feature.
Admin - Can update anyone's role except for owners. Can downgrade their own access to 'viewer'. Can promote a viewer to admin.
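
The role-update rules above can be written as a default-deny predicate with one clause per permitted case. This is an added example, not Plausible's own code. The module name `RoleUpdatePolicy`, the `%{id: ..., role: ...}` member shape, and rejecting `:owner` as a requested role (on the grounds that ownership changes go through 'transfer ownership') are assumptions.

```elixir
defmodule RoleUpdatePolicy do
  # Hypothetical module illustrating the documented rules; not Plausible's code.

  # Roles a role update may assign. Assumption: :owner is never assignable
  # here, because ownership changes use the 'transfer ownership' feature.
  @assignable [:admin, :viewer]

  # Reject any requested role outside the assignable set before anything else.
  def can_update_role?(_actor, _target, new_role) when new_role not in @assignable, do: false

  # Owner: may update anyone's role except their own (same id in both maps).
  def can_update_role?(%{role: :owner, id: id}, %{id: id}, _new_role), do: false
  def can_update_role?(%{role: :owner}, _target, _new_role), do: true

  # Admin acting on themselves: the only permitted change is a downgrade to viewer.
  def can_update_role?(%{role: :admin, id: id}, %{id: id}, :viewer), do: true
  def can_update_role?(%{role: :admin, id: id}, %{id: id}, _new_role), do: false

  # Admin acting on others: never on an owner, otherwise allowed
  # (this covers promoting a viewer to admin).
  def can_update_role?(%{role: :admin}, %{role: :owner}, _new_role), do: false
  def can_update_role?(%{role: :admin}, _target, _new_role), do: true

  # Viewers, unknown roles and malformed input: explicitly disallowed.
  def can_update_role?(_actor, _target, _new_role), do: false
end

# Constructed sample members, used only to exercise the policy.
owner = %{id: 1, role: :owner}
admin = %{id: 2, role: :admin}
viewer = %{id: 3, role: :viewer}

for {actor, target, new_role} <- [
      {owner, admin, :viewer},
      {owner, owner, :admin},
      {admin, admin, :viewer},
      {admin, owner, :viewer},
      {admin, viewer, :admin},
      {admin, viewer, :owner},
      {viewer, admin, :viewer}
    ] do
  allowed = RoleUpdatePolicy.can_update_role?(actor, target, new_role)
  IO.puts("#{actor.role}(#{actor.id}) sets #{target.role}(#{target.id}) to #{new_role}: #{allowed}")
end
```

Clause order matters: the self-targeting clauses precede the general ones, and the final catch-all keeps any case not listed above denied.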