Harden permission management

[SamuelWei]

Type (Highlight the corresponding type)

• Bugfix
• Feature
• Documentation
• Refactoring (e.g. Style updates, Test implementation, etc.)
• Other (please describe):

Checklist

• Code updated to current develop branch head
• Passes CI checks
• Is a part of an issue
• Tests added for the bugfix or newly implemented feature, describe below why if not
• Changelog is updated
• Documentation of code and features exists

Changes

• Prevent non-superusers from deleting or editing superusers
• Prevent non-superusers from assigning the superuser role to other users
• Environment variable for configuring restricted permissions that cannot be assigned to non-superuser roles
• Display raw permission names in the admin interface
• Real-time input validation on create superuser command

[codecov]

Codecov Report

Attention: Patch coverage is 74.35897% with 20 lines in your changes missing coverage. Please review.

Project coverage is 81.07%. Comparing base (b030a62) to head (6b34c08).

Files with missing lines	Patch %	Lines
resources/js/views/AdminRolesView.vue	0.00%	13 Missing ⚠️
resources/js/policies/UserPolicy.js	0.00%	4 Missing ⚠️
app/Models/Role.php	93.33%	1 Missing ⚠️
resources/js/components/UserTabSection.vue	75.00%	1 Missing ⚠️
resources/js/views/AdminUsersNew.vue	0.00%	1 Missing ⚠️

Additional details and impacted files

@@              Coverage Diff              @@
##             develop    #1651      +/-   ##
=============================================
+ Coverage      81.01%   81.07%   +0.05%     
- Complexity      1340     1351      +11     
=============================================
  Files            361      361              
  Lines           9225     9269      +44     
  Branches         853      860       +7     
=============================================
+ Hits            7474     7515      +41     
- Misses          1751     1754       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[cypress]

PILOS    Run #1509

Run Properties:   Passed #1509  •  6b34c08e84: Harden permission management

Project	PILOS
Branch Review	harden-permission-management
Run status	Passed #1509
Run duration	04m 51s
Commit	6b34c08e84: Harden permission management
Committer	Samuel Weirich
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	237
View all changes introduced in this branch ↗︎

[SamuelWei]

[danielmachill]

many more codecov warnings than usual. not sure if this is an issue here

[danielmachill]

actions allowed to perform are not abilities? not 100% sure what this is supposed to mean

[SamuelWei]

The ideas is: Permissions usually decide what a user can / cannot do. Inside a room there is an additional permission system in place where the role of a user in the room influences what the user can / cannot do.
Do you have suggestions how this could be communicated in a more clear way?

[SamuelWei]

many more codecov warnings than usual. not sure if this is an issue here

If you look at the details of the report, you can see that most sections are 100% covered and the sections with no changes / decreases are not covered yet by frontend tests.