-
Notifications
You must be signed in to change notification settings - Fork 333
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[2010-04-08] Don't allow admins to detract themselves admin rights #730
Comments
comment by: @chillu (ischommer) Good point. We'd also need to warn when removing CMS_ACCESS_SecurityAdmin or ROLE_ASSIGN permissions - it can get quite tricky to figure out which rights are necessary for a user to perform the current action without actually executing it. |
comment by: @sminnee (sminnee) This is still an issue in SS3, although it doesn't affect things until you press save, at least. |
comment by: @wilr (wrossiter) Worth migrating as it is defiantly something to fix from a UX view. |
Looking at this now at this will probably check if the current user id is the same as the member id in Member::getCMSField and if it is will add the administrator group id to the setDisableditems method of the list box |
Have looked at this and have created the following branch where when a admin tries to remove there admin permissions a warming advising they are removing their own admin is produced. https://github.com/silverstripe-rebelalliance/sapphire/tree/dontRemoveAdmin Have not raised a pull request yet as I know I will have to create a unit test for this and I have been experiencing issues with getting Behat tests to work |
Started working on the Behat test for this but I am having problems getting Behat to work with alert boxes tried the following steps And I dismiss the dialog However a I get the following error so what I will need to find out is does Behat actually support alert boxes? [WebDriver\Exception\UnexpectedAlertOpen] Modal dialog present: Warning you are removing ADMIN permissions from your own member profile |
Are you still having this issue? Because all you need is a tag "@modal" infront of the scenario I believe. |
I did get around this by using the css selector and confirming the dialog, it did require a new function to be added to the silverstripe-behat-extension module so a pull request has been opened for this. Scenario: I receive a warning when trying to remove my own admin permissions |
Acceptance Criteria
Notes
clearableValue: false
see Use react-select for react-based dropdowns (SingleSelectField and MultiSelectField) silverstripe-admin#52 and https://github.com/JedWatson/react-select#multiselect-options)Original Ticket
created by: suntrop
created at: 2010-04-08
original ticket: http://open.silverstripe.org/ticket/5370
Administrators can detract themselves admin rights.
If someone clicks (like I did) at the wrong point in the drop-down list your rights are gone (thanks to AJAX ;-) '''without any warning'''.
I think it would be good to warn the user or deny that kind of action.
See also: http://www.silverstripe.org/general-questions/show/282374?showPost=282378
The text was updated successfully, but these errors were encountered: