This repository was archived by the owner on Feb 12, 2018. It is now read-only.
This repository was archived by the owner on Feb 12, 2018. It is now read-only.
restricting roles using "Allowed Roles" does not stop user from deleting other user from ALL roles #32
Description
anyone who has access to the "Roles" tab in the module for any Role can remove another user from ANY role, not just the ones selected via "Allowed Roles". This includes removing them even from the "Administrator" role.