Contrib.social

Allow a role to be an administrator

Open on Drupal.org β†’
Created on 16 May 2023, about 1 year ago
Updated 28 July 2023, 11 months ago

Problem/Motivation

The problem comes from πŸ“Œ Ensure no roles are "admin" roles (8.x) Fixed

Does it really add anything that there is no administrator role? This does not prevent you from assigning permissions considered as "dangerous" to users who should not have them.

From my point of view I see it as a delay rather than an advance, plus if the issue πŸ“Œ Add a container parameter that can remove the special behavior of UID#1 Fixed ends up going ahead, this will not be optional.

Steps to reproduce

Install paranoia and try to assign an 'administrator' role in /admin/config/people/accounts

Proposed resolution

Revert the development made in πŸ“Œ Ensure no roles are "admin" roles (8.x) Fixed

Remaining tasks

User interface changes

N/A

API changes

N/A

Data model changes

N/A

πŸ“Œ Task
Status

Needs review

Version

1.0

Component

Code

Created by

πŸ‡ͺπŸ‡ΈSpain dcimorra

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @dcimorra
  • @dcimorra opened merge request.
  • Comment about 1 year ago β†’
    πŸ‡ͺπŸ‡ΈSpain dcimorra
  • Assigned to dcimorra
  • Status changed to Needs review about 1 year ago
  • Comment about 1 year ago β†’
    πŸ‡ͺπŸ‡ΈSpain dcimorra
  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States greggles Denver, Colorado, USA

    I think the feature you are trying to remove makes sense for this module. This module revokes some permissions from ever being assigned (I think? at least it used to) whereas the admin role concept grants all permissions to one role.

    So I'm against this proposal on concept.

  • Comment about 1 year ago β†’
    πŸ‡ͺπŸ‡ΈSpain dcimorra

    Preventing a role from not being able to be assigned the admin privilege does not limit it from not being able to be assigned permissions that can lead to security breaches. The administrator role, like any other permission has to be assigned with care, but removing it is not a solution.

    The best solution, I think, would be to delegate the administrator privilege to that role, as proposed in the related issue 540008, and that only through this role, you have this privilege.

  • Comment 11 months ago β†’
    solideogloria
contrib.social Blog FAQ Discussions
Production build 0.69.0 2024