[6.x] Add config to control default state of Super Admin toggle #14927
Open
stoffelio wants to merge 1 commit into
The user creation wizard defaults the "Super Admin" toggle to on for any super user creating an account, making it easy to grant super admin unintentionally. This adds a `statamic.users.wizard_default_super` config option (default `true`, preserving current behaviour) so the toggle can be made an explicit opt-in by setting it to `false`. The toggle default is still gated on `canCreateSupers`, so a non-super creator can never end up with a pre-checked super toggle, and the server-side guard in the store method is unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Member
I don't think we need the config. We can just make it default to off.
When creating a new user via the control panel wizard, the system currently only checks if the authenticated user is allowed to create new super users. If so, the "Super User" toggle is always active by default. This is risky as it can easily be overlooked when creating new users, giving people full access to the app that were never meant to get those privileges.
One of my clients has specifically asked to have this toggled off by default, as they create a lot of subscriber accounts via the wizard and are worried that one of their staff might forget to switch the toggle.
This PR adds a new user config variable to do just that. Everything defaults back to the old behavior, so unless the config variable is added and explicitly set to false, nothing will change.
Tests courtesy of Claude.
Closes statamic/ideas#1467