This started out as a simple change ...
I noticed that group_root could not delete users from projects. Seems like we should allow that, but with the restriction that a group_root cannot delete another group_root. Simple enough, right? Well thats not how the permission system works; permission to do stuff to users is based on who you are in the project, not who you are doing it to. And then there are the subtle differences in permission handling between the Classic interface and the Portal interface. And I am fully unmotivated to fix anything in the Classic interface, hard to believe? Anyway, most people are not going to notice anything since the bulk of the changes affect sub groups. Sigh.
Showing with 126 additions and 32 deletions