ukebako8008
ukebako8008

I want to implement the following group access policy:

  • Admins - can do anything

  • Site admins - can create (manage) other Site admins, but not Admins (superusers)

If I enable "manage other administrators" for Site admins, they are able to create super users, i.e. the new users with higher access level.

What I need is to allow administration management, but not creating superusers.

voidshah
voidshah

It's my solution for:

on Plugin.php


...
use Backend\Controllers\Users as BackendUsers;
use Backend\Models\User as BackendUserModel;
use BackendAuth;
...
    public function boot()
    {
        BackendUsers::extendFormFields(function($form, $model, $context){

            if (!$model instanceof BackendUserModel)
                return;

            $backendUser = BackendAuth::getUser();
            $backendUserPermissions = json_decode($backendUser->attributes['permissions']);
            $isSuperUser = isset($backendUserPermissions->superuser);
            if ($isSuperUser) {
                return;
            }
            $form->removeField('permissions[superuser]');
        });
    }

Last updated

phplee
phplee

hi,

is there a way to hide superusers from the list of users if the user logged in isn't a superuser?

Dreqnoid
Dreqnoid

You can try to extend the backendUser model from your plugin with a scope!

1-4 of 4