[web] Create super_admin role (#29082)

* Add `delete-project` and `modify-admin` admin capabilities * Add `isSuperAdmin` check * Replace frontend checks * Add requireAdminPermission middleware on disable2FA * Remove `isSuperAdmin` tag * Fix tests on admin capabilities * Replace isSuperAdmin tests by tests in admin-roles * Replace superadmin tests by admin-capabilities * Update tests: server-pro admins are superadmins * Remove "In Server Pro, all Admin users are also Super Admins" * Update tests after revert "server-pro admins are superadmins" * Create capability "delete-2fa" * Add special privileges for admins in Server Pro to preserve the existing behaviour * Reorder definitions to avoid future eslint error * Add super_admins admin-role * Add some sensible capabilityDependencies * Fix inconsistency: super_admins -> super_admin * In tests, await controller methods instead of using manual promises Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com> --------- Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com> GitOrigin-RevId: ca1fff3ead5b2001cb5d5d25de15970d55fb2c1b
2026-05-24 01:29:35 +02:00 · 2025-10-22 11:08:53 +02:00
parent 48d9964cb6
commit 205b4e54be
1 changed files with 4 additions and 0 deletions
--- a/services/web/types/admin-capabilities.ts
+++ b/services/web/types/admin-capabilities.ts
@@ -3,6 +3,9 @@ export type AdminCapability =
  | 'clear-session'
  | 'create-recurly-account'
  | 'create-subscription'
+  | 'delete-2fa'
+  | 'delete-project'
+  | 'modify-admin'
  | 'modify-feature-override'
  | 'modify-group'
  | 'modify-group-manager'
@@ -34,5 +37,6 @@ export type AdminRole =
  | 'finance'
  | 'product'
  | 'sales'
+  | 'super_admin'
  | 'support'
  | 'support_tier_1'