Admin Role appears able to edit Super Administrator #510
Comments
|
That would be a bug in the role editing UI, you can't actually save permissions against the super admin role, and as you've noted the behavior is that your changes are ignored. The bug here is that the UI allows you to edit the permissions. |
|
Fixed, will be released in 0.10.3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The site I'm building in v0.10.1 has three users so far. Super Administrator (me the developer), Anonymous and a new Admin for the person who is going to be the everyday administrator. It is plain vanilla so no User Areas or special/modified code anywhere.
Admin has all the User, Role and Admin Module tickboxes ticked so they can create, edit and delete other users and roles as they may wish. When I log in as Admin and try to delete Super Admin, a message appears saying "You need to be in the super admin role to update this user.". Great. If I then try to edit the Super Admin role the system lets me, no warning. I can untick the box so Super Admin can no longer Delete or Edit Roles then click Save. I find that scary. When I go back into the Super Admin Role, the unticked tickbox is re-ticked so it appears no change was made.
Am I supposed to have set up some permission or validation code to stop the Admin thinking they can edit the Super Admin?
The text was updated successfully, but these errors were encountered: