Is there any way to prevent the creation of new admin users from the panel?
I’d love to give the admin access to a client but they’ll be able to create new users for a restricted area and I’m sure they will accidentally create an admin user instead so I’d really like to avoid that.
There doesn’t seem to be an option apart from a user.create:before hook or maybe a custom User class.
Something like
```yaml
permissions:
  users:
    create:
      - client
```
unfortunately, does not work.
This looks like a very weird omission honestly and it would make total sense to have it in the core. I’ll add it as a suggestion on nolt.
Done: More granular control of the roles available to be created · Kirby Feedback
Immediately upvoted
Now that I think about it, the same approach could be used to limit other things, for example
```yaml
permissions:
  pages:
    delete:
      - post
```
That permission can already be set in the page blueprints. But I think we need some unified approach towards permissions. The current implementation is rather limited and there are too many places where permissions can be set (all sorts of blueprints, additionally hooks, custom models…).
Edit: Ohhh I think I misunderstood. He should be able to create users, but not admins?
How about a new role with every permission except users?
I would argue admin is admin for a reason
```yaml
title: SlightlyUnderpoweredAdmin
permissions:
  access:
    *: true
  files:
    *: true
  languages:
    *: true
  pages:
    *: true
  site:
    *: true
  user:
    *: true
  users:
    *: false
```
Correct, I want the current admins to only be able to create new users with roles that are not admin. Essentially I want the admins to only be the two I have created, mine and the client’s one.
I don’t want to risk them being able to create an admin user by accident.
Are there different non-admin roles?
How about a hook that checks the role and changes it from admin to editor after a user is created?
It’s not fancy, but should work for your case.
I agree with the permission system being too scattered and sometimes not granular enough.
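The hook approach mentioned in the thread, sketched as an added example (not code from any poster or from Kirby itself). It assumes the existing admin accounts were created before the hooks are installed; the allow-list address and the names `$mayGrantAdmin` and `$denyAdminGrant` are hypothetical.

```php
<?php
// site/config/config.php
use Kirby\Cms\User;
use Kirby\Exception\PermissionException;

// Assumption: accounts allowed to hand out the admin role (constructed address).
$mayGrantAdmin = ['owner@example.com'];

// Throws unless the acting user is on the allow-list.
$denyAdminGrant = function (?User $actor, string $roleId) use ($mayGrantAdmin): void {
    if ($roleId !== 'admin') {
        return; // non-admin roles are not restricted here
    }
    if ($actor !== null && in_array($actor->email(), $mayGrantAdmin, true)) {
        return;
    }
    throw new PermissionException('Only the site owner may create admin users.');
};

return [
    'hooks' => [
        // Runs before a new account is stored; throwing aborts the creation.
        'user.create:before' => function (User $user, array $input) use ($denyAdminGrant) {
            $denyAdminGrant($this->user(), $user->role()->id());
        },
        // Same check when an existing account is promoted, otherwise
        // "create as client, then change role" sidesteps the first hook.
        'user.changeRole:before' => function (User $user, string $role) use ($denyAdminGrant) {
            $denyAdminGrant($this->user(), $role);
        },
    ],
];
```

Rejecting in the `:before` hooks means an admin account never exists, even briefly, which a rewrite-after-create hook cannot guarantee.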