-
-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Created users cannot perform admin tasks #18
Comments
That’s a great point, and something I’d not considered. I’ll need to look at what our options are here on this front. You’re right that when the session expires, that pop up shows the login buttons for Social Login again, and we might need to see if that can be done for the elevated session pop up. There’s also complications on that as well, as we don’t want any user to elevate their session through simply logging into social media. And having a password reset would be against the goals for the plugin to use another service as your login provider. I’ll have to investigate, but for now that’s not going to work sorry. |
Thanks for coming back so quickly. Glad you agree, and I understand it's not a super easy one to solve. I can kinda circumvent it now by managing expectations that users created with this plugin can't be admins, but would be nice if they could be. Will wait to hear back from you but if I can provide anything further to help with this issue, please tag me. |
Yeah not an amazing situation. Or at the very least if they want to be an admin, they have to create a password with Craft (which is just for the elevated session). |
Yeah but the problem is, if you're already logged in you need a password to change your password, as changing your own password prompts you for your current password. You would have to have the root admin/an existing passworded admin copy your password reset URL so that you could do it without elevated access. But then I think you'd also need to log out before visiting that link but I haven't tried that. Also I just upgraded to Craft 4.7.1 and the problem persists there. I know we already knew it would but just because my current version is no longer 4.5.5 |
Describe the bug
I have an issue where users created via this plugin, and promoted to have admin, are not able to perform some admin tasks (such as adding admin to other users). This is because users created by this plugin do not have a password, and so can't enter anything into the popup that comes with certain admin tasks.
I can't find anything in the documentation on how to circumvent this without using the root account (which isn't controlled by this plugin) to either manually set a password to users, or add that admin privilege.
What is the preferred way to go about this?
I have noticed that the login expiry popup has a password field and an "or log in with social options" under it. Could it be that this is just missing from the admin popup? My thoughts were that creating a user via the social plugin should/could trigger the password reset email so that new users are encouraged to set a password, but it feels a little strange to force new users to create a password that they don't need.
Steps to reproduce
Craft CMS version
4.5.5
Plugin version
1.0.9
Multi-site?
no
Additional context
No response
The text was updated successfully, but these errors were encountered: