creating user permission to create user -- best practice?

[evan]

Hi,

I'd like to create a permission that allows users of a certain role to create users of another role -- in this case, the business owners ('editor' role) to create users with a 'vendor' role.  What's the best way to achieve this, without making them a superuser?  Too complicated, easy?

Thanks!

-evan

[ryan]

You can't do this from the admin, as user management there is intended as an administrative task. But you can use the API to check and enforce role settings specific to your needs. For example, here's how you might make a "create vendor" form: 

if(!$user->hasRole('editor')) throw new WireException("You don't have access to add users"); 

if($input->post->submit_add_user) {

  $name = $sanitizer->pageName($input->post->user); 
  $pass = $input->post->password; 

  if(empty($name) || empty($pass)) {
    echo "<h3>Name and password are required</h3>"; 

  } else if($users->get("$name")->id) {
    echo "<h3>That username is already taken</h3>"; 

  } else {
    $u = $users->add($name); 
    if(!$u->id) throw new WireException("error adding user"); 
    $u->pass = $pass;
    $u->addRole('vendor'); 
    $u->save();
    echo "<h3>Added vendor: $u->name</h3>";
  }
}

echo "
  <form action="./" method="post">
  <h2>Create new user with vendor role</h2>
  <input type='text' name='user' />
  <input type='password' name='pass' />
  <input type='submit' name='submit_add_user' />
  </form>

  ";