New invited user from Penpot UI doesn't have correct "editor" rights

david.rideau

Hi,

New to this forum, I'm french, sorry for english errors

I'm trying to configure Penpot's access rights.

When I invite a new user with email address from Penpot, it does correctly send an invite email, and the new user can connect with the registration link included in the mail.

But there are two problems (in my configuration):

First, the user doesn't have the correct "editor" role that I assigned to him.
He has all privileges, he can create new teams and projects, etc.
That's not what I want, because I can't correctly administer my Penpot platform.

Second, after first login, he can't reconnect through OpenID's Cloudron interface, because I haven't created a user with this email on Cloudron.
If I create the user on Cloudron, he can connect well, but I can't restrict access to Penpot correctly based on Penpot's roles.

Is there anybody here that have faced this problem ?

Is there some docker-compose configuration on Cloudron's Penpot app that I missed in the documentation ?

Could Penpot app be configured to "leave the app manage users" ?

Thanks in advance for any feedbacks.

David

nebulon

Hi and welcome here.

Currently Penpot can only be installed with Cloudron usermanagement enabled. And that also means that only OpenID login is possible. Following your description though I was also able to invite users, which then can create an account using the invite link. Those can be assigned for example the editor role and that works, however after logging out, those user can never login it seems as they are not Cloudron users, so no OpenID will work.

I guess Penpot does not cover all use-cases with only OpenID enabled for login. I have to analyze that a bit more to understand which config is required to support both external users and Cloudron users.

nebulon

The latest package was reworked a bit and enables the password login but not the registration. This allows invited users to login.

I was not able to reproduce the issue with the editor role, this seems to work as expected for me.

david.rideau

Hi @nebulon,

I've tested the new package.

Login is now possible for invited users, it's perfect.

And editor role is now correctly applied, I don't know if it was a mistake from me at first, but it's now solved.

Thanks a lot for assistance !