(I’m not sure if I’m just missing something basic or if this is a bug, so am posting this under Questions for now.)
I’m currently using Kirby v3.2.3 and am running into some unexpected behaviour related to new user creation from a non-Admin account.
I’ve created an editor.yml blueprint which is what most site users will be. The editor.yml configuration is very simple since they are meant to be able to do just about everything except for edit certain settings for Administrators. This is the
    title: Editor
    permissions:
      user:
        changeLanguage: false # Cannot change own user language
        delete: false # Cannot delete own user account
      users:
        changeLanguage: false # Cannot change other users’ language
And this is the
    title: Admin
    options: # Editors should not be able to edit most Admin settings
      changeName:
        editor: false
      changeEmail:
        editor: false
      changePassword:
        editor: false
      changeRole:
        editor: false
      delete:
        editor: false
      update:
        editor: false
There is no
To test this configuration, I created a dummy Editor user and then logged in to that user account. I then navigated to the Users page in the panel and clicked “Add a new user”. The new user window pops up with Name, Email, Password, and Language fields (no role radio buttons). I fill out the fields accordingly, expecting to create an Editor since non-admins can’t create admins AFAIK (I think since Kirby v3.2.1?). I then click “Create” and get the error message “You are not allowed to create this user”. The console indicates a 403 error.
It is almost as if it thinks I’m trying to create an Admin, though I’m not. Also, I’m not sure I should be able to select a language for this user if the current user’s permissions are set to users: changeLanguage: false.
These are the issues and posts I’ve referred to so far when trying to figure this out:
I’ve also had a look at a few other open issues related to user roles, and though some seem somewhat related they don’t seem to address this directly.
If anyone has any suggestions about what might be going on, it would be much appreciated! I think I can get around this by creating another role, but that seems kind of excessive since there isn’t actually any use case for it on this particular site.