[Panel] User creation confusion

(I’m not sure if I’m just missing something basic or if this is a bug, so am posting this under Questions for now.)

I’m currently using Kirby v3.2.3 and am running in to some unexpected behaviour related to new user creation from a non-Admin account.

I’ve created an editor.yml blueprint which is what most site users will be. The editor.yml configuration is very simple since they are meant to be able to do just about everything except for edit certain settings for Administrators. This is the editor.yml file:

title: Editor

permissions:
  user:
    changeLanguage: false # Cannot change own user language
    delete: false # Cannot delete own user account
  users:
    changeLanguage: false # Cannot change other users’ language

And this is the admin.yml file:

title: Admin

options: # Editors should not be able to edit most Admin settings
  changeName:
    editor: false
  changeEmail:
    editor: false
  changePassword:
    editor: false
  changeRole:
    editor: false
  delete:
    editor: false
  update:
    editor: false

There is no default.yml file.

To test this configuration, I created a dummy Editor user and then logged in to that user account. I then navigated to the Users page in the panel and clicked “Add a new user”. The new user window pops up with Name, Email, Password, and Language fields (no role radio buttons). I fill out the fields accordingly, expecting to create an Editor since non-admins can’t create admins AFAIK (I think since Kirby v3.2.1?). I then click “Create” and get the error message “You are not allowed to create this user”. The console indicates a 403 error.

It is almost as if it thinks I’m trying to create an Admin, though I’m not. Also, I’m not sure I should be able to select a language for this user if the current user’s permissions are set to users: changeLanguage: false.

These are the issues and posts I’ve referred to so far when trying to figure this out:


I’ve also had a look at a few other open issues related to user roles, and though some seem somewhat related they don’t seem to address this directly.

If anyone has any suggestions about what might be going on, it would be much appreciated! I think I can get around this by creating another role, but that seems kind of excessive since there isn’t actually any use case for it on this particular site.

Have to test this again myself, will get back to you.

Ok, I created an Editor user without any permissions etc. This user should then be able to create any role apart from admins. But turns out, this user cannot create any user, I get the same error message as you. Something is really messed up there.

Looks like this only happens if there is no further role. Because if you create a second role other than admin, the role radio field reappears.

I created an issue on GitHub:

A workaround until this is fixed would be to create another user role.

Thanks so much for taking a look, I appreciate it! And thanks for the workaround suggestion, I’ve done just that and it works as I need for now.

Thanks again!