By reading other topics in the forum I came up with a simple code that hides Admin roles and Admin users from the user management.
With filterUser and filterRole:
def filterUser(self, user):
Called for each user loaded into the management table. Return false to
hide this user from the management table. This code is executed in a
Arguments: self: A reference to the component that is invoking this function. user: The user object itself. Call user.get('propertyName') to inspect. Common properties: 'username', 'schedule', 'language'. Call user.getRoles() for a list of rolenames. """ userName = system.security.getUsername() # logged in user userIn = system.user.getUser("", userName) rolesIn = userIn.roles # roles for current user roleNames = user.getRoles() # inspect user role loaded in management table if "Administrator" in roleNames: return 0 else: return 1
def filterRole(self, role):
Called for each role loaded into the management table. Return false to
hide this role from the management table. This code is executed in a
Arguments: self: A reference to the component that is invoking this function. role: The role name. """ if role == "Administrator": return 0 else: return 1
I have three roles: Administrator, Maintenance, Operator. All of them can edit the user management table.
The bug is: when I delete the current user with non-admin roles, all Admin users and roles start showing in the table, meaning that it is possible to change them.
I wonder, who is really logged in when I delete the current user?