Is there a way to set up in the panel that a user role can create new users, but not assign the Admin role? Also, the user should not be able to edit users or see the Admin role.
I want to allow the customer to create users with certain roles, but I want to keep the Admin role only on my side.
Ah, I see. At the moment hiding the admin users completely will not work with blueprint configuration unfortunately.
What you could do is to replace the Users class. In your overridden class, you could then check the role of the current user and if it’s team, filter out all users with the admin role from the result set.
@lukasbestle Where I can find maybe a User Class example?
I tried a bit, but I guess I need to dive a bit deeper in the existing kirby code.
plugins/users-restricion/index.php
<?php
require_once 'vendor/getkirby/cms/bootstrap.php';
require 'classes/user-restriction.php';
use mg\core\CustomUsersView;
echo (new CustomUsersView)->render();
<?php
namespace mg\core;
use Kirby\Cms\Users;
class CustomUsersView extends Users
{
public static function all(array $options = [])
{
// Get the current user
$currentUser = kirby()->user();
// Fetch all users using the parent Users class
$users = parent::all($options);
// If the current user is not an admin, filter out admin users
if ($currentUser && $currentUser->isAdmin()) {
return $users->filter(function ($user) {
return $user->isAdmin() === false;
});
}
// Admins can see all users
return $users;
}
}
There is no full example for the Users class, however you can use the Site example as a starting point.
What’s important to know is that your custom Users class does not have (and does not need to have) a render() method. So your code will break in your index.php because you are trying to replace the Kirby instance with an instance of your CustomUsersView. Instead, you need to replace the Kirby class and return your custom Users object from that (like in the Site example, where the custom Kirby class returns a custom Site object).
Just set the permissions for that user role to allow user creation but block access to the Admin role. This way, they can create users without editing or seeing Admins.