Skip to content

refactor(auth): rename SuperAdmin to Superuser#434

Merged
fpindej merged 4 commits into
masterfrom
refactor/superadmin-only-protection
Mar 8, 2026
Merged

refactor(auth): rename SuperAdmin to Superuser#434
fpindej merged 4 commits into
masterfrom
refactor/superadmin-only-protection

Conversation

@fpindej

@fpindej fpindej commented Mar 8, 2026

Copy link
Copy Markdown
Owner

Summary

  • Rename the SuperAdmin role to Superuser across backend, frontend, tests, docs, and skills
  • Narrow last-admin protection to Superuser only - Admin users can now be freely managed
  • Add Superuser credential prompting to init.sh / init.ps1 (--email, --password flags) instead of hardcoded defaults

Breaking Changes

  • SuperAdmin role renamed to Superuser - existing databases with seeded SuperAdmin role will need the role name updated manually (or re-seed)
  • appsettings.Development.json seed section now uses {INIT_SUPERUSER_EMAIL} / {INIT_SUPERUSER_PASSWORD} placeholders - requires running init script

Test Plan

  • Backend: dotnet build && dotnet test -c Release (1,041 tests pass)
  • Frontend: pnpm run test && pnpm run check
  • Verify init script prompts for Superuser email/password
  • Verify --yes flag uses defaults (admin@localhost / Admin123!)
  • Verify Superuser self-deletion is blocked when last Superuser
  • Verify Admin user can be deleted even when last Admin

@fpindej fpindej force-pushed the refactor/superadmin-only-protection branch from 9256bf4 to 424c8ed Compare March 8, 2026 20:16
@fpindej fpindej changed the title refactor(auth): narrow last-admin protection to SuperAdmin only refactor(auth): rename SuperAdmin to Superuser Mar 8, 2026
@fpindej fpindej added backend Backend (.NET) frontend Frontend (SvelteKit) feature New feature or enhancement security Security-related issues documentation Improvements or additions to documentation labels Mar 8, 2026
fpindej added 3 commits March 8, 2026 21:20
Rename the SuperAdmin role to Superuser across the entire codebase.
Only the Superuser role is now protected from removal/deletion -
Admin role holders can be freely managed. Seed only a single
Superuser in development.
@fpindej fpindej force-pushed the refactor/superadmin-only-protection branch from 8b4a953 to 9cf131d Compare March 8, 2026 20:20
@fpindej fpindej self-assigned this Mar 8, 2026
…rden init script

- Rename LastAdminCannotDelete to LastSuperuserCannotDelete
- Rename EnforceLastAdminProtection* to EnforceLastSuperuserProtection*
- Rename superAdminRole variable to superuserRole
- Add DeleteUser_LastSuperuser_ReturnsFailure test
- Use silent password prompt (read -sp) in init.sh
- Escape sed-special chars in password substitution
@fpindej fpindej merged commit e7aecf4 into master Mar 8, 2026
1 check passed
@fpindej fpindej deleted the refactor/superadmin-only-protection branch March 8, 2026 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backend Backend (.NET) documentation Improvements or additions to documentation feature New feature or enhancement frontend Frontend (SvelteKit) security Security-related issues

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant