PlausibleWeb.Site.MembershipController (Plausible v0.0.1)
This controller deals with user management via the UI in Site Settings -> People. It's important to enforce permissions in this controller.
Owner - Can manage users, can trigger a 'transfer ownership' request
Admin - Can manage users
Viewer - Can not access user management settings
Anyone - Can accept invitations
Everything else should be explicitly disallowed.
Summary
Functions
Updates the role of a user. The user being updated could be the same or different from the user taking the action. When updating the role, it's important to enforce permissions
Functions
Updates the role of a user. The user being updated could be the same or different from the user taking the action. When updating the role, it's important to enforce permissions:
Owner - Can update anyone's role except for themselves. If they want to change their own role, they have to use the 'transfer ownership' feature.
Admin - Can update anyone's role except for owners. Can downgrade their own access to 'viewer'. Can promote a viewer to admin.
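The role-update rules above can be written as a default-deny check in which only the listed combinations return true. This is an added sketch, not Plausible's own code: the module name `RolePolicySketch`, the function names, and the membership map shape are hypothetical. It assumes that `:owner` can never be assigned through this path, since the page routes ownership changes through 'transfer ownership'.

```elixir
defmodule RolePolicySketch do
  # Hypothetical module, not part of Plausible.
  # A membership is a map with :user_id and :role (constructed shape).

  # Assumption: :owner is never assignable here; ownership only moves
  # through the separate 'transfer ownership' feature.
  @assignable [:admin, :viewer]

  def can_update_role?(actor, target, new_role) when new_role in @assignable do
    if actor.user_id == target.user_id do
      self_change?(actor.role, new_role)
    else
      other_change?(actor.role, target.role)
    end
  end

  # Unknown or non-assignable new roles are refused outright.
  def can_update_role?(_actor, _target, _new_role), do: false

  # Acting on yourself: only an admin downgrading to viewer is allowed.
  defp self_change?(:admin, :viewer), do: true
  defp self_change?(_, _), do: false

  # Acting on someone else: owner may change anyone, admin anyone but owners.
  defp other_change?(:owner, _target_role), do: true
  defp other_change?(:admin, target_role) when target_role in [:admin, :viewer], do: true
  defp other_change?(_, _), do: false
end

# Constructed sample memberships and the decision expected for each case.
owner = %{user_id: 1, role: :owner}
admin = %{user_id: 2, role: :admin}
viewer = %{user_id: 3, role: :viewer}

cases = [
  {owner, admin, :viewer, true},   # owner changes another member
  {owner, owner, :admin, false},   # owner cannot change their own role
  {admin, owner, :viewer, false},  # admin cannot touch an owner
  {admin, admin, :viewer, true},   # admin downgrades themselves
  {admin, viewer, :admin, true},   # admin promotes a viewer
  {admin, viewer, :owner, false},  # nobody grants :owner here
  {viewer, admin, :viewer, false}  # viewer has no user management access
]

# A mismatch raises MatchError, so the script doubles as a policy check.
for {actor, target, new_role, expected} <- cases do
  ^expected = RolePolicySketch.can_update_role?(actor, target, new_role)
end
```

The catch-all clauses are what implement "everything else should be explicitly disallowed": a role or combination added later is refused until a clause is written for it.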