I understand to create a new user, one should use user.signUp()
to get username/email checking and password encryption. The user is returned and the currentUser()
is set the newly created user.
And that’s precisely the problem. In cases where you have an admin adding privileged users to the system, when they signUp()
a new user, they BECOME the new user, with the obvious confusion that implies on the front end and the unexpected loss of admin privileges.
Is there a way to prevent this from happening? I couldn’t find anything in the docs, but this is a very common pattern …where an admin has to manage other users and permissions. If not, how can I work around this?
Appreciate any thoughts …