Allow admins to change their permissions, but require confirmation

[mconf-daileon]

---

Author Name: Leonardo Daronco (Leonardo Daronco) Original Redmine Issue: 1789, http://dev.mconf.org/redmine/issues/1789

---

We currently block superusers from editing some of their attributes to prevent them from making mistakes. When editing their account, for example, superusers cannot make themselves normal users. However, these restrictions are usually done in the views only, so they are not really reliable.

We should allow superusers to edit these attributes, but should require confirmation when they try to change attributes that might remove their access to the website or something similar.

Some of the attributes/actions that should require confirmation are:

• Approved
• Superuser
• Disable

Note that these actions/attributes might be available in more than one place (when editing the user in @user/:id/edit@ and when managing the users in @/manage/users@, for example).

This list should include also requiring confirmation when space admins try to change their role in a space to be a normal member.

[mconf-daileon]

---

Original Redmine Comment Author Name: Leonardo Daronco (Leonardo Daronco) Original Date: 2016-04-08T17:31:42Z

---

We discussed and decided that hiding the options "approved", "superuser" and "disabled" in the view is enough to prevent superusers from making mistakes.

To only thing still missing in this issue is to add a confirmation when the admin of a space tries to make himself a normal user.