Ensure there is always one user with admin privileges

[thopico]

• Gitea version (or commit ref): docker image gitea/gitea:1.14.0-rootless
• Git version: 2.30.2
• Operating system: Debian buster
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No (need admin privileges)
• Log gist:

Description

Hi, today doing a dumb test with my prod instance, I remove myself from the admin group (where I was alone).
This was not a big deal as I could get it back through cli, but it seems to me it would be better if Gitea prevents this kind of mistake.

Either it could check if at least one admin remains after removal, or it could disallow removing admin privileges to the logged in user?

Thanks in advance.

[wxiaoguang]

You can add admin users back by ./gitea admin ...

[thopico]

Hello @wxiaoguang
You didn't answer my question.
Nevertheless, you can decide not to address this issue, and close it. But your answer makes me doubt you have read my issue entirely (what a pity when one does make the effort to clearly define the issue).

I know ./gitea admin ..., it helped me recover admin privileges. I am just thinking about the instances whose admin has no access to the server (and therefore is not able to execute ./gitea admin ...).
But it is more like a feature, so I interpret your answer as "I don't have time for this".

Which is fine :)

Bye

[wxiaoguang]

I have read the issue. Indeed there could be a lot of "dumb" operations, for example, you set an OTP and forgot the recovery code, or you changed the password but forgot it, and even someone changes the record from database.

Since there is a way to recover the mistake, it seems not worth to check everything again and again.

ps: I closed many inactive issues recently, this issue has been a long time and seems not getting interest to get a PR. If you can propose a PR, I can help to review and approve.

[thopico]

I understand your point and agree not to make too many checks neither address every possible situation.
However, I believe (correct me if I'm wrong) admin users are relatively autonomous within the instance. For example, they have the possibility to change any user's password from the web UI (but I didn't check for the OTP case).
This is what pushed me to raise this issue : maintain this autonomy as much as possible and prohibit behavior that can dip into it (especially for behaviors that will never make sense [i.e. no admin on the instance])

I don't have time neither appropriate skills to propose a PR, and nobody else seems concerned by this issue. So it is fine to close the issue.

Thank you for your detailed answer.

[lunny]

Hi, today doing a dumb test with my prod instance, I remove myself from the admin group (where I was alone).
Could I assume that you did that in admin panel -> users?

[thopico]

Yes exactly.