Question: Add Additional Admin

[Aetherinox]

I looked through the documentation, but I can't seem to find anything.

Is their a way to add an additional admin to the site? Either through CURL, or maybe a way to get the feature added to the admin panel?

---

In other news, thanks for the update today and the fix for literal newlines

Not sure if you've updated your demo site or not. I couldn't get it to work properly on yours, so I updated mine and it works good.

[thomiceli]

Yeah this would be a good addition, for now it's simply UPDATE users SET is_admin = 1 WHERE id = ? in sqlite

[Aetherinox]

Ah, you mean manually editing the opengist .db file using sqlite. I assume opengist would need to be shut down and restarted before and after the edit.

Yeah, a feature like that would be awesome.

[thomiceli]

It doesn't need to be restarted actually

[Aetherinox]

I don't know what is going on, but I found the opengist.db file, and it is almost impossible to edit. Docker is shut down just so the file wasn't in-use by chance.

Tried opening in DB Lite browser, and all it says is "unable to open database". Even set the file ownership to root as a last ditch measure to ensure security wasn't a problem, and it refuses to open. Which is how I normally edit the DBs, guess I'll try sqlite3

Yeah, sqlite3 doesn't work either. It complains about it being a read-only database, despite the permissions being set to ridiuclous levels.

I chmod 0755 to the entire folder with the DB, and then it complains that it just can't open the database.

Edit: I got it, but it was a royal pain. After I set the permissions and chown the entire folder to the user, it would not let me edit it using terminal's sqlite3, however, I could then go back into the DB Lite browser and make the changes that way. Makes no sense, but that was the most pain in the rear process I've ever had with a database. Not sure what is up with it. Never seen that before.

[Aetherinox]

lol, saw your reaction. No worries, I managed to get the admin added, my system for some reason just made it a god awful pain. I know it's not your fault.

Just something to do with however it's set up, and sqlite3.

A setting later might be great. I'd hate to do that again, but I know you're busy with stuff. I'm just happy the other issue with literal newlines being fixed.

[thomiceli]

Actually i tried to open the database on a Windows machine (running WSL) and it was locked aswell, I will investigate but it's prob a library issue.
No issues on unix

[Aetherinox]

That's weird, I had the opposite. Windows worked right out of box, Linux was locked as read-only. I wanted to use sqlite3 through command-line since it's easier to just run a command, but the only way I could get it to work was downloading the appimage for the SQLite Database manager.

[jolheiser]

This would also be useful for me, and I wouldn't mind implementing it.

I think an admin command could be added that allows the sysadmin (or equivalent) to set admin status for users as a backup plan:
opengist admin set-admin <user> true|false
or
opengist admin edit-user --admin=true <user>
(feel free to suggest an alternative)

Which then just leaves a UI-centric way to do it potentially:

1. As an admin, I should be able to set other users to admin.
2. The question then becomes, should admins be able to set other admins back to regular users?
   I personally think that's fine because of the above CLI addition as a backup but I would like to hear if anyone thinks otherwise.

Another alternative would be adding a third permission hierarchy (Admin -> Psuedo-admin/Moderator/etc -> User), but that might be too much for the issue at hand.

[Aetherinox]

Honestly, it should probably come down to three groups if you want to keep it simple.

• Owner / Super Admin
• Admin
• User

The only reason for that being protection. Obviously the first registered user would be super admin, and that would give them immunity from being demoted, and it could be as simple as just using an integer, 0 = user, 1 = admin, 2 = super.

Doesn't have to be a in-depth permission system, just a way to ensure the actual owner of the site doesn't get voted off the island.

If Thomi wants to implement a permission system later, then that can be another project. I would hope for the time being, people aren't giving admin to others they don't absolutely trust.

The only reason I asked for it wasn't to give someone else admin, but to promote another account of mine so that I could manage the settings from either one. I don't really need anyone else being admin on my site. It's just a pain to sign in and out.

[jolheiser]

just a way to ensure the actual owner of the site doesn't get voted off the island.

That was my concern as well, but I figured the CLI would be a good backup, assuming the "owner" also has shell access to use it, they could fairly easily reclaim it as needed.

[Aetherinox]

15 years in development; I've learned one thing. Never assume. Logically, you'd think that the owner of a website would have some type of access to reclaim if the worst were to happen. But I've learned that not everyone thinks this way.

Somewhere, someone will defy logic, and they'll do something to get their ownership revoked. It's just the nature of the beast. Some people are too giving with credentials. I have no idea why, but it does happen.

And if the developer doesn't keep that in check, they'll be blamed for someone else's inability to properly manage their system.

[thomiceli]

I thought about and dig the CLI idea, of course I understand the permission system with the super admin, and maybe I'm wrong but if an evil admin has access to the CLI, he has access to the database therefore this system becomes irrelevant