If a user edits their own password, their user level changed. Thus making them no longer admin, but only editor.

The disabled admin level is not saved
( He shouldn't have to call me to ask why he suddenly can't see the settings anymore, and make me have to file a bugreport :) )
Bolt 3.4.6
In your app/config/permissions.yml you need to set:
roles-hierarchy:
manipulate:
admin: [ admin ]
Took a look with @bobdenotter , and we came to the conclusion that our user Frank should not be able to edit his own profile at all. He should not be able to edit any user with the role Admin, including himself.
So basically, this issue could be fixed with showing the you do not have the permissions to edit this user after you click the edit button of the user with the role you may not edit. This is the same text Hypothetical Frank sees when trying to edit a root-user, for instance.
(Maybe this was not working well, because the user has multiple roles, of whick one he should not be able to edit)
And Frank should learn to edit his password under the 'profile' button.
What actually went wrong, is that a form was submitted with a checked checkbox that was set to disabled. And checkboxes that are set to disabled are not submitted in the form. Hence the role was removed from the user.
And Frank should learn to edit his password under the 'profile' button.
Well, covering this one first as I don't agree. If a user can edit their password from that screen, then they should be able to. I'd call this one a UX related bug in that case :smile:
I think I have an idea on how to tackle this … I might need a couple of days (unless @bobdenotter has the time himself).
Well, covering this one first as I don't agree. If a user can edit their password from that screen, then they should be able to. I'd call this one a UX related bug in that case
Yup, my thoughts exactly!
Most helpful comment
Well, covering this one first as I don't agree. If a user can edit their password from that screen, then they should be able to. I'd call this one a UX related bug in that case :smile:
I think I have an idea on how to tackle this … I might need a couple of days (unless @bobdenotter has the time himself).