Administration

Table of contents

  1. Overview
  2. How It Works
  3. Administration Dashboard
  4. Administration Menu
  5. Profile Details
  6. Edit Details
  7. Reset Password
  8. Account Status
  9. Delete Account
  10. Manage Access Control Levels (ACLs)


1. Overview

Administration features can be accessed by any user who belongs to the admin group. This framework allows administrators to perform the following tasks:

  1. Access the administration dashboard
  2. View list of all users
  3. View and edit user profiles (useful if a user violates any terms of service agreements)
  4. Set and unset the reset password flag for a user
  5. Activate or deactivate users
  6. Delete users
  7. Manage Access Control Levels (ACLs)

⚠️ Security Tip: Only trusted users should be assigned administrator rights. Admins have full visibility and control over user accounts and system roles.


2. How It Works

A user is granted admin access if their ACL includes "Admin". You can manage ACLs for any user through the admin profile edit form.

if ($user->hasAcl('Admin')) {
    // Show admin dashboard
}

Admin-specific routes are protected by ACL checks defined in acl.json. Only users with access to the "Admindashboard" controller and its actions will be allowed to view these pages.
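
The hasAcl() check above decides what the page shows; the route-level check is what refuses a request that goes straight to an admin URL. The following is an added example, not the framework's own code, of a deny-by-default controller/action check. The JSON layout standing in for acl.json, the canAccess() helper, and the "Auth", "Profile" and "Billing" controller names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed ACL map standing in for acl.json; this layout is an assumption.
const ACL_JSON = <<<'JSON'
{
  "Guest":    {"Home": ["*"], "Auth": ["login", "register"]},
  "LoggedIn": {"Home": ["*"], "Profile": ["*"], "Auth": ["logout"]},
  "Admin":    {"Admindashboard": ["*"]}
}
JSON;

/**
 * Deny-by-default route check (hypothetical helper, not the framework's).
 * Access is granted only when one of the user's ACLs lists the controller
 * with the requested action or the "*" wildcard.
 */
function canAccess(array $acl, array $userAcls, string $controller, string $action): bool
{
    foreach ($userAcls as $role) {
        $actions = $acl[$role][$controller] ?? [];
        if (in_array('*', $actions, true) || in_array($action, $actions, true)) {
            return true;
        }
    }
    return false; // unknown role, controller or action: refuse
}

$acl = json_decode(ACL_JSON, true, 512, JSON_THROW_ON_ERROR);

// Constructed requests: [user's ACLs, controller, action]
$requests = [
    [['Guest'],             'Admindashboard', 'index'],
    [['LoggedIn'],          'Admindashboard', 'delete'],
    [['LoggedIn', 'Admin'], 'Admindashboard', 'delete'],
    [['Admin'],             'Billing',        'index'], // controller not in the map
];

foreach ($requests as [$roles, $controller, $action]) {
    $verdict = canAccess($acl, $roles, $controller, $action) ? 'allow' : 'deny';
    printf("%-16s %s/%s -> %s\n", implode('+', $roles), $controller, $action, $verdict);
}
```

Only the request carrying the Admin ACL reaches the Admindashboard controller, and a controller missing from the map is refused even for an admin.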


3. Administration Dashboard

Any user in the admin group can open the administration dashboard by clicking the Admin link in the navigation panel. Once at the Administration Dashboard, the user is presented with a list of all users. An example of the Administration Dashboard view is shown below in figure 1:

Figure 1 - Administration dashboard index view

Admins can click buttons to view, edit, reset passwords, or delete accounts.


4. Administration Menu

The navigation bar includes an Administration Menu for users with the Admin ACL. It provides quick access to:

  • Administration Dashboard
  • ACL Management View

An image of the Administration Menu is shown in figure 2.

Figure 2 - Administration navbar menu


5. Profile Details

Clicking the “Details” button brings the admin to a user’s profile view. It includes:

  • Login attempt count
  • Password reset flag status
  • Creation and last update dates
  • Account activation status

An example of this view is shown in figure 3.

Figure 3 - Administration view of profile


6. Edit Details

The edit details view is similar to the equivalent user profile view. The difference is that administrators can manage Access Control Levels (ACLs) for a user. An example of this view is shown below in figure 4.

Figure 4 - Administration edit profile view

💡 Tip: ACL checkboxes allow assigning multiple roles per user.


7. Reset Password

This view has a form with a checkbox that enables administrators to toggle the reset_password flag for a particular user.


8. Account Status

This view allows administrators to activate or deactivate an account. Accounts are deactivated after a user exceeds the value of the MAX_LOGIN_ATTEMPTS constant, which can be set in the .env file.


9. Delete Account

Administrators have permission to soft delete user accounts. Soft deletion:

  • Removes the user from all listings
  • Keeps the record in the database (useful for audit trails or recovery)


10. Manage Access Control Levels (ACLs)

This view provides the ability to manage ACLs that are available to your project. Administrators can:

  • Add, remove, and edit ACLs not assigned to any users

More about ACLs can be found in the ACLs section of the user guide.