grav-plugin-admin
ACL level for Expert mode but not superuser
Based on commit c97177e (from issue #2094), regular users (who may have limited page permissions) can no longer edit the YAML frontmatter within the page editor. But there doesn't seem to be any way to give users complete access to pages (so editing the frontmatter wouldn't run into security issues) but prevent them access to the rest of the admin, e.g. plugins. It would be particularly useful to have an appropriate access level below superuser but above regular user that enables expert mode.
The reason why it's currently only for superuser is that it gives users FULL ACCESS to the site. You can use expert mode even to change the permissions etc.
Oh interesting. How would a malicious user that starts with only the ability to edit page frontmatter thereafter enable additional permissions?
He could just have edit permissions for the page, but add additional permissions to it and the child pages. Of course, we could prevent this with some additional checks, but then the issue would be what to do with additional fields, which may also cause issues.
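A concrete form of the "additional checks" mentioned above, as an added example that is not part of this thread or of the admin plugin's code. It assumes the old and new frontmatter have already been parsed into nested dicts, and it uses `permissions` and `access` as assumed names for the keys that confer page-level rights (Grav's real key names are not verified here). The check diffs the two documents, rejects any change (add, modify or remove) under a protected key for non-superusers, and optionally runs in whitelist mode so unknown new top-level fields are rejected too:

```python
# Added example (not Grav admin plugin code): guard a frontmatter save so a
# non-superuser cannot change protected keys. Key names below are assumptions.

# Assumed names of frontmatter keys that grant or alter page-level rights.
PROTECTED_KEYS = frozenset({"permissions", "access"})


class FrontmatterRejected(Exception):
    """Raised when a non-superuser edit touches a protected key."""


def changed_paths(old, new, prefix=""):
    """Return sorted dotted paths whose value differs between two nested dicts.

    Added, removed and modified keys are all reported, so deleting a
    `permissions` block counts as a change just like adding one.
    """
    paths = []
    for key in set(old) | set(new):
        path = f"{prefix}{key}"
        if key not in old or key not in new:
            paths.append(path)
        elif isinstance(old[key], dict) and isinstance(new[key], dict):
            paths.extend(changed_paths(old[key], new[key], path + "."))
        elif old[key] != new[key]:
            paths.append(path)
    return sorted(paths)


def check_frontmatter_edit(old, new, user, allowed_keys=None):
    """Validate a frontmatter edit and return the list of changed paths.

    - superusers may change anything;
    - everyone else may not touch PROTECTED_KEYS;
    - if `allowed_keys` is given (whitelist mode), any *new* top-level key
      outside it is also rejected, one answer to "what to do with
      additional fields".
    """
    changes = changed_paths(old, new)
    if user.get("superuser", False):
        return changes
    violations = [p for p in changes if p.split(".", 1)[0] in PROTECTED_KEYS]
    if allowed_keys is not None:
        violations += [
            p for p in changes
            if "." not in p and p not in old and p not in allowed_keys
        ]
    if violations:
        raise FrontmatterRejected(
            f"user {user.get('name', '?')!r} may not change: {sorted(set(violations))}"
        )
    return changes


def edit_is_allowed(old, new, user, allowed_keys=None):
    """Boolean wrapper for callers that only need a yes/no answer."""
    try:
        check_frontmatter_edit(old, new, user, allowed_keys)
        return True
    except FrontmatterRejected:
        return False


# Constructed sample data: the page's current frontmatter and two candidate edits.
CURRENT = {
    "title": "Home",
    "permissions": {"inherit": True},
}
HARMLESS_EDIT = {
    "title": "Home page",
    "permissions": {"inherit": True},
}
# An editor trying to grant a group extra rights on this page (and, via
# inheritance, its children) by editing only the frontmatter.
ESCALATION_EDIT = {
    "title": "Home",
    "permissions": {
        "inherit": False,
        "groups": {"editors": {"admin.pages": True}},
    },
}
EDITOR = {"name": "alice", "superuser": False}
ADMIN = {"name": "root", "superuser": True}

if __name__ == "__main__":
    print(check_frontmatter_edit(CURRENT, HARMLESS_EDIT, EDITOR))  # ['title']
    print(edit_is_allowed(CURRENT, ESCALATION_EDIT, EDITOR))       # False
    print(edit_is_allowed(CURRENT, ESCALATION_EDIT, ADMIN))        # True
```

The blacklist part answers the escalation case directly; the optional whitelist is the stricter choice when the set of fields an editor legitimately needs is known (for instance from the page blueprint), since any field the server later interprets is otherwise a candidate for abuse.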
Sure there's that, but superuser permission also enables access to sitewide configs, plugins, etc. Is it possible for a non-superuser to gain access to any functionality not associated with pages by giving access to YAML frontmatter?
If not, then I'd imagine YAML frontmatter access is not identical to superuser permissions. Basically, I'm asking about an ACL level that enables edit, delete, move, add, etc. (any page-level permissions) on every page sitewide (thus allowing YAML editing), but still disallows install / uninstall plugins, system updates, config changes, etc.
I'd like to see this, too. Until I set up proper page blueprints, this seems the only way a semi-technical client of mine can edit (even see) some important frontmatter. Just viewing the frontmatter would be an improvement, so they understand where some rendered content is coming from.