I decreased the likelihood that one of our admins accidentally submits a dangerous site config option...
This is related to this issue: #6049
I wouldn't want to say it fully closes it, but it is a step in safeguarding this area.
This pull request adds extra safeguards for the /internal/config area of the site. This area contains values which could cause big problems if accidentally changed. It makes sense to restrict them even more thoroughly than other parts of the internal experience.
It now makes it so that anyone with admin, super_admin or single_resource_admin Config can view this area, but only users with the role single_resource_admin Config can write to it. And they need to submit this phrase when making a change as confirmation:
My username is @your_username and this action is 100% safe and appropriate.
The details here really should not change very often, so I think this is all pretty reasonable.
Added a message to make it clear:
Also made a small tweak to /internal/permissions to make it clearer which exact permissions folks have.
Thanks to @vaidehijoshi for being the catalyst on this.
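The access rule described above, sketched as an added example (not the code from this pull request): read access for the three roles, write access only for the Config-scoped role together with the typed confirmation phrase. The `User` struct, `ConfigPolicy` class and `update_config` helper are hypothetical names, and trimming surrounding whitespace before comparing the phrase is an assumption.

```ruby
# Added illustration, not the project's code. All names are hypothetical.
# A user holds [role, resource] pairs; resource is nil for global roles.
User = Struct.new(:username, :roles) do
  def role?(name, resource = nil)
    roles.include?([name, resource])
  end
end

class ConfigPolicy
  class NotAuthorized < StandardError; end

  def initialize(user)
    @user = user
  end

  # Read access: any of the three roles named in the description.
  def view?
    @user.role?(:admin) || @user.role?(:super_admin) || config_admin?
  end

  # Write access: the Config-scoped role AND the typed phrase. Both must hold.
  def write?(confirmation)
    config_admin? && confirmation.to_s.strip == expected_confirmation
  end

  # Built from the acting user's own username, so a copied phrase fails.
  def expected_confirmation
    "My username is @#{@user.username} and this action is 100% safe and appropriate."
  end

  private

  def config_admin?
    @user.role?(:single_resource_admin, "Config")
  end
end

# Deny by default: the settings hash is only touched after the policy passes.
def update_config(user, settings, changes, confirmation)
  unless ConfigPolicy.new(user).write?(confirmation)
    raise ConfigPolicy::NotAuthorized, "config write denied for @#{user.username}"
  end
  settings.merge(changes)
end
```

Enforcing the check in the server-side write path, as `update_config` does here, matters more than hiding the form: a `super_admin` without the Config role can still load the page but cannot change a value.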