I want to implement the following group access policy:

• Admins - can do anything

• Site admins - can create (manage) other Site admins, but not Admins (superusers)

If I enable "manage other administrators" for Site admins, they are able to create super users, i.e. the new users with higher access level.

What I need is to allow administration management, but not creating superusers.

It's my solution for:

on Plugin.php

...
use Backend\Controllers\Users as BackendUsers;
use Backend\Models\User as BackendUserModel;
use BackendAuth;
...
    public function boot()
    {
        BackendUsers::extendFormFields(function($form, $model, $context){

            if (!$model instanceof BackendUserModel)
                return;

            $backendUser = BackendAuth::getUser();
            $backendUserPermissions = json_decode($backendUser->attributes['permissions']);
            $isSuperUser = isset($backendUserPermissions->superuser);
            if ($isSuperUser) {
                return;
            }
            $form->removeField('permissions[superuser]');
        });
    }

Last updated 9 years ago

hi,

is there a way to hide superusers from the list of users if the user logged in isn't a superuser?

You can try to extend the backendUser model from your plugin with a scope!