New invited user from Penpot UI doesn't have correct "editor" rights
-
wrote on Feb 26, 2024, 10:45 AM last edited by
Hi,
New to this forum, I'm french, sorry for english errors
I'm trying to configure Penpot's access rights.
When I invite a new user with email address from Penpot, it does correctly send an invite email, and the new user can connect with the registration link included in the mail.
But there are two problems (in my configuration):
First, the user doesn't have the correct "editor" role that I assigned to him.
He has all privileges, he can create new teams and projects, etc.
That's not what I want, because I can't correctly administer my Penpot platform.Second, after first login, he can't reconnect through OpenID's Cloudron interface, because I haven't created a user with this email on Cloudron.
If I create the user on Cloudron, he can connect well, but I can't restrict access to Penpot correctly based on Penpot's roles.Is there anybody here that have faced this problem ?
Is there some docker-compose configuration on Cloudron's Penpot app that I missed in the documentation ?
Could Penpot app be configured to "leave the app manage users" ?
Thanks in advance for any feedbacks.
David
-
Staffwrote on Feb 27, 2024, 10:04 AM last edited by nebulon Feb 27, 2024, 10:04 AM
Hi and welcome here.
Currently Penpot can only be installed with Cloudron usermanagement enabled. And that also means that only OpenID login is possible. Following your description though I was also able to invite users, which then can create an account using the invite link. Those can be assigned for example the editor role and that works, however after logging out, those user can never login it seems as they are not Cloudron users, so no OpenID will work.
I guess Penpot does not cover all use-cases with only OpenID enabled for login. I have to analyze that a bit more to understand which config is required to support both external users and Cloudron users.
-
N nebulon marked this topic as a question on Feb 28, 2024, 12:01 PM
-
The latest package was reworked a bit and enables the password login but not the registration. This allows invited users to login.
I was not able to reproduce the issue with the editor role, this seems to work as expected for me.
-
wrote on Mar 10, 2024, 2:10 PM last edited by
Hi @nebulon,
I've tested the new package.
Login is now possible for invited users, it's perfect.
And editor role is now correctly applied, I don't know if it was a mistake from me at first, but it's now solved.
Thanks a lot for assistance !
-
N nebulon has marked this topic as solved on Mar 10, 2024, 2:14 PM