This forum has moved to a new location and is in read-only mode. Please visit talk.octobercms.com to access the new location.

phplee
phplee

HI,

I want to be able to restrict administrators so they can't see/manage superuser. Sees odd that a user who is not a superuser can manage superusers.

Is there a way to hide them from the list. ive seen this to hide the form field but its not enough.

 BackendUsers::extendFormFields(function($form, $model, $context){

        if (!$model instanceof BackendUserModel)
            return;

        $backendUser = BackendAuth::getUser();
        $backendUserPermissions = json_decode($backendUser->attributes['permissions']);
        $isSuperUser = isset($backendUserPermissions->superuser);
        if ($isSuperUser) {
            return;
        }
        $form->removeField('permissions[superuser]');
    });
Pavel Chernov
Pavel Chernov

Try this:

use BackendAuth;
use Backend\Models\User as BackendUserModel;

...

public function boot() {
    Event::listen('backend.list.extendQuery', function($widget, $query){
        if (!$widget->model instanceof BackendUserModel) 
            return;

        $backendUser = BackendAuth::getUser();
        if ((int) $backendUser->is_superuser) {
            return;
        }
        $query->where('is_superuser', 0);

    });
}
phplee
phplee

it worked thanks. but noticed it doesn't really solve my problem now as non superusers can still assign them selves as super users if they edit or add new user. Plus they canmanage the super user group if they click manage groups. Was thinking of removing the option like this but doesn't work

 BackendUsers::extendFormFields(function($form, $model, $context){

        if (!$model instanceof BackendUserModel)
            return;

        $backendUser = BackendAuth::getUser();
        $backendUserPermissions = json_decode($backendUser->attributes['permissions']);
        $isSuperUser = isset($backendUserPermissions->superuser);
        if ($isSuperUser) {
            return;
        }
        $form->removeField('permissions[superuser]');
    });
Pavel Chernov
Pavel Chernov

In my project on the latest version of October, non superuser doesn't have a switch "Super User" without any additional actions. But still can edit any groups unfortunately.

Last updated

phplee
phplee

Thanks for the input. Hiding superuser from the list of users works at first glance but would be good to hide superuser on the forms.

I think it would be best for October to have another system permission 'Manage Superusers'

not sure how i would request it though...

1-5 of 5

You cannot edit posts or make replies: the forum has moved to talk.octobercms.com.