From 205b4e54be390c72cd70958b81d0245039faf42e Mon Sep 17 00:00:00 2001 From: Antoine Clausse Date: Wed, 22 Oct 2025 11:08:53 +0200 Subject: [PATCH] [web] Create `super_admin` role (#29082) * Add `delete-project` and `modify-admin` admin capabilities * Add `isSuperAdmin` check * Replace frontend checks * Add requireAdminPermission middleware on disable2FA * Remove `isSuperAdmin` tag * Fix tests on admin capabilities * Replace isSuperAdmin tests by tests in admin-roles * Replace superadmin tests by admin-capabilities * Update tests: server-pro admins are superadmins * Remove "In Server Pro, all Admin users are also Super Admins" * Update tests after revert "server-pro admins are superadmins" * Create capability "delete-2fa" * Add special privileges for admins in Server Pro to preserve the existing behaviour * Reorder definitions to avoid future eslint error * Add super_admins admin-role * Add some sensible capabilityDependencies * Fix inconsistency: super_admins -> super_admin * In tests, await controller methods instead of using manual promises Co-authored-by: Andrew Rumble --------- Co-authored-by: Andrew Rumble GitOrigin-RevId: ca1fff3ead5b2001cb5d5d25de15970d55fb2c1b --- services/web/types/admin-capabilities.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/services/web/types/admin-capabilities.ts b/services/web/types/admin-capabilities.ts index 6061bbee20..3d4729f9cc 100644 --- a/services/web/types/admin-capabilities.ts +++ b/services/web/types/admin-capabilities.ts @@ -3,6 +3,9 @@ export type AdminCapability = | 'clear-session' | 'create-recurly-account' | 'create-subscription' + | 'delete-2fa' + | 'delete-project' + | 'modify-admin' | 'modify-feature-override' | 'modify-group' | 'modify-group-manager' @@ -34,5 +37,6 @@ export type AdminRole = | 'finance' | 'product' | 'sales' + | 'super_admin' | 'support' | 'support_tier_1'
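Review bot: In the `AdminCapability` hunk, the new members `'delete-2fa'`, `'delete-project'` and `'modify-admin'` are destructive or privilege-granting, yet they enter the union with no comment saying what each one gates or which roles are meant to hold it. The diffstat lists only this type file (1 file changed, 4 insertions), so the role-to-capability mapping, the `capabilityDependencies` and the `requireAdminPermission` middleware on disable2FA named in the commit message cannot be reviewed from this patch. Suggest a one-line comment per new member, and checking in the mapping that `'modify-admin'` is held only by roles that are already trusted to change other admins, since a holder could otherwise use it to raise its own privileges. A union member is erased at compile time, so these three literals restrict nothing unless the server-side check exists on every route they are meant to protect.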
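Review bot: In the `AdminRole` hunk, `| 'super_admin'` is added as a type member only, and nothing in the visible lines validates role strings at runtime or documents what the role grants. The commit message records an earlier spelling (`super_admins`, later corrected to `super_admin`), so it is worth searching the tests, fixtures and any stored role values for the plural form: a leftover literal in untyped code or data would simply not match this role and the type checker would not flag it. Suggest also a short comment next to the member stating that it is the most privileged role and noting the Server Pro behaviour mentioned in the commit message, so the intended difference from the other roles is readable at the definition.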