fix(users): remove required roles input when editing user + prevent owner's roles from being edited

fixes #239
2025-04-19 13:01:19 +00:00 · 2022-09-07 09:33:10 +00:00 · 2022-09-07 09:33:10 +00:00 · 1c8af7550b
commit 1c8af7550b
parent 7512e2ed1f
5 changed files with 34 additions and 5 deletions
--- a/modules/Admin/Controllers/UserController.php
+++ b/modules/Admin/Controllers/UserController.php
@ -143,6 +143,17 @@ class UserController extends BaseController
        $authorize = Services::authorization();

        $roles = $this->request->getPost('roles');
+
+        if ($this->user->isOwner) {
+            return redirect()
+                ->back()
+                ->with('errors', [
+                    lang('User.messages.editOwnerError', [
+                        'username' => $this->user->username,
+                    ]),
+                ]);
+        }
+
        $authorize->setUserGroups($this->user->id, $roles ?? []);

        // Success!
--- a/modules/Admin/Language/en/User.php
+++ b/modules/Admin/Language/en/User.php
@ -45,6 +45,8 @@ return [
            '{username} will be prompted with a password reset upon next visit.',
        'banSuccess' => '{username} has been banned.',
        'unbanSuccess' => '{username} has been unbanned.',
+        'editOwnerError' =>
+            '{username} is the instance owner, you cannot edit its roles.',
        'banSuperAdminError' =>
            '{username} is a superadmin, one does not simply ban a superadmin…',
        'deleteSuperAdminError' =>
--- a/modules/Auth/Entities/User.php
+++ b/modules/Auth/Entities/User.php
@ -13,6 +13,7 @@ namespace Modules\Auth\Entities;
 use App\Entities\Podcast;
 use App\Models\NotificationModel;
 use App\Models\PodcastModel;
+use App\Models\UserModel;
 use Myth\Auth\Entities\User as MythAuthUser;
 use RuntimeException;

@ -31,6 +32,8 @@ use RuntimeException;
 */
 class User extends MythAuthUser
 {
+    public bool $is_owner;
+
    /**
     * @var Podcast[]|null
     */
@ -54,6 +57,17 @@ class User extends MythAuthUser
        'podcast_role' => '?string',
    ];

+    public function getIsOwner(): bool
+    {
+        $firstUser = (new UserModel())->first();
+
+        if (! $firstUser instanceof self) {
+            return false;
+        }
+
+        return $this->username === $firstUser->username;
+    }
+
    /**
     * Returns the podcasts the user is contributing to
     *
--- a/themes/cp_admin/user/edit.php
+++ b/themes/cp_admin/user/edit.php
@ -23,7 +23,6 @@
    id="roles"
    name="roles[]"
    label="<?= lang('User.form.roles') ?>"
-    required="true"
    options="<?= esc(json_encode($roleOptions)) ?>"
    selected="<?= esc(json_encode($user->roles)) ?>" />

--- a/themes/cp_admin/user/list.php
+++ b/themes/cp_admin/user/list.php
@ -30,10 +30,13 @@
        [
            'header' => lang('User.list.roles'),
            'cell' => function ($user) {
-                return implode(',', $user->roles) .
-                    '<IconButton uri="' . route_to('user-edit', $user->id) . '" glyph="edit" variant="info">' . lang('User.edit_roles', [
-                        'username' => esc($user->username),
-                    ]) . '</IconButton>';
+                if ($user->isOwner) {
+                    return 'owner, ' . implode(',', $user->roles);
+                }
+
+                return implode(',', $user->roles) . '<IconButton uri="' . route_to('user-edit', $user->id) . '" glyph="edit" variant="info">' . lang('User.edit_roles', [
+                    'username' => esc($user->username),
+                ]) . '</IconButton>';
            },
        ],
        [