Force object creation through templates only
Only create users from template
Actual behavior
- Create a department
- Create a user X within department
- Declare user X as manager of department
- Create template within department
- Edit ACL "manager" so manager can read templates
- User X can both "create user" or "create user from template"
- There is no way to disable the "create user" function without disabling also "create user from template"
Expected behavior
- Having an ACL "create object from template" alongside the "create object" so we can allow the first while disallowing the second in the manager ACL role.
Step by step description of new behaviour
- Create a department
- Create a user X within department
- Declare user X as manager of department
- Create template within department
- Edit ACL "manager" so manager can read templates, not create user but can create user from templates
- User X can create user from template but not create user.
Benefits
Enforcing some rules through templating, mainly a user uid specific format that is prefixed with the department code and attributing basic roles. Manager of department are external users managing their own organization, it is important they are not allowed to create users without templates.