Skip to content

Fix create and update super administrator#55

Merged
asengupta3 merged 14 commits intomainfrom
fix-create-administrator
Mar 30, 2026
Merged

Fix create and update super administrator#55
asengupta3 merged 14 commits intomainfrom
fix-create-administrator

Conversation

@asengupta3
Copy link
Copy Markdown
Collaborator

@asengupta3 asengupta3 commented Mar 22, 2026

Proposed changes

  1. The create/ update super admin never really existed. So this PR builds it from ground up
  2. This ticket depends on two things:
    a. This permission core PR: Feat(): Updating package and super admin permissions for admin subresource permissions-core#8
    b. Update the systems/permissions doc to include super admin permissions

Types of changes

What types of changes does this pull request introduce?

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Refactor (non-breaking change that does not add functionality but makes code cleaner or more efficient)
  • Tests (new or updated tests)
  • Styles (changes to code styling)
  • CI (continuous integration changes)
  • Other (please describe below)

Additional Notes

CCuskley
CCuskley requested changes Mar 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@CCuskley CCuskley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor change that site_admins should be able to view super admins

Comment thread functions/levante-admin/src/users/super-admin-mutation.ts
Comment thread functions/local/src/setup-system-permissions.ts Outdated
// A site admin can change an admin's role (e.g., upgrade them to a site_admin).
// But a site_admin cannot update another admin's name or email.
admins: {
super_admin: [],
Copy link
Copy Markdown
Contributor

@CCuskley CCuskley Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be "read"?

CCuskley
CCuskley requested changes Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@CCuskley CCuskley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to add claims.super_admin set to true to the userClaims document for full super admin functionality to work. We are hoping to deprecate userClaims entirely, but we're not there yet...

Comment thread functions/levante-admin/src/users/super-admin-mutation.ts
adminUid: adminUidRaw,
} = params;

const customClaims = (requesterRecord.customClaims ?? {}) as Record<
Copy link
Copy Markdown
Contributor

@CCuskley CCuskley Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found one last issue: userClaims/{adminUid}/claims/super_admin has to be set to true for the useradmin to have full functionality (some assignment queries were failing when logged in as the new superadmin, e.g., showing no assingments in a site that has several). Tested this fix by adding manually with my new superadmin

@asengupta3 asengupta3 merged commit f18081d into main Mar 30, 2026
@asengupta3 asengupta3 deleted the fix-create-administrator branch March 30, 2026 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CCuskley CCuskley CCuskley approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@asengupta3 @CCuskley