(I’m not sure if I’m just missing something basic or if this is a bug, so am posting this under Questions for now.)
I’m currently using Kirby v3.2.3 and am running into some unexpected behaviour related to new user creation from a non-Admin account.
I’ve created an `editor.yml` blueprint which is what most site users will be. The `editor.yml` configuration is very simple since they are meant to be able to do just about everything except for edit certain settings for Administrators. This is the `editor.yml` file:

```yaml
title: Editor
permissions:
  user:
    changeLanguage: false # Cannot change own user language
    delete: false # Cannot delete own user account
  users:
    changeLanguage: false # Cannot change other users’ language
```

And this is the `admin.yml` file:

```yaml
title: Admin
options: # Editors should not be able to edit most Admin settings
  changeName:
    editor: false
  changeEmail:
    editor: false
  changePassword:
    editor: false
  changeRole:
    editor: false
  delete:
    editor: false
  update:
    editor: false
```

There is no `default.yml` file.
To test this configuration, I created a dummy Editor user and then logged in to that user account. I then navigated to the Users page in the panel and clicked “Add a new user”. The new user window pops up with Name, Email, Password, and Language fields (no role radio buttons). I fill out the fields accordingly, expecting to create an Editor since non-admins can’t create admins AFAIK (I think since Kirby v3.2.1?). I then click “Create” and get the error message “You are not allowed to create this user”. The console indicates a 403 error.
It is almost as if it thinks I’m trying to create an Admin, though I’m not. Also, I’m not sure I should be able to select a language for this user if the current user’s permissions are set to `users: changeLanguage: false`.
These are the issues and posts I’ve referred to so far when trying to figure this out:
I’ve also had a look at a few other open issues related to user roles, and though some seem somewhat related they don’t seem to address this directly.
If anyone has any suggestions about what might be going on, it would be much appreciated! I think I can get around this by creating another role, but that seems kind of excessive since there isn’t actually any use case for it on this particular site.