Files
notifications-admin/app/templates/views/manage-users/permissions.html
Ben Thorner 6d0d9d46f7 Prevent switching auth type for Platform Admins
This closes a security loophole, where the auth type of a Platform
Admin could be unwittingly changed when they accept an invite, or
by an admin of a service they are a member of.
2021-05-25 16:01:25 +01:00

28 lines
835 B
HTML

{% from "components/radios.html" import radio, radios, conditional_radio_panel %}
{{ form.permissions_field }}
{% if form.folder_permissions.all_template_folders %}
{{ form.folder_permissions }}
{% elif user and user.platform_admin %}
<p class="bottom-gutter">
Platform admin users can access all template folders.
</p>
{% endif %}
{% if service_has_email_auth %}
{% if user.platform_admin %}
<p class="bottom-gutter">
Platform admin users will login with a security key.
</p>
{% elif not mobile_number %}
{{ radios(
form.login_authentication,
disable=['sms_auth'],
option_hints={'sms_auth': 'Not available because this team member has not added a phone&nbsp;number to their profile'|safe}
) }}
{% else %}
{{ radios(form.login_authentication) }}
{% endif %}
{% endif %}