I started using Drupal a few months ago and I must say it is an extremely well coded piece of software.

I'm currently developing Drupaltin, a product to integrate vBulletin and Drupal without hacking any core files. You can find out more if you would like at http://www.theoverclocked.com/Drupaltin

One of the biggest problems I have run into is that Drupal assumes if the userid=1 then the user is the superadmin. There is a similar function in vBulletin, but they allow you to specify the superadmin userid(s) in the config file. It would be wise to adopt this method for Drupal as well.

I know it's best practice to not use the superadmin account for daily use, but the former still applies. Remember, one of the best things about Drupal is the ability to fully customize Drupal to fit your needs. In order to continue in this direction, it is important to allow the administrator specify the superadmin userid.

I posted this in the Usability forums first and was advised to create a feature request. Here is the original post: http://drupal.org/node/129302

-Jordan

Comments

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented

You don't say why this would be useful. only because vBulletin does so, isn't good enough. :)

Frankly, I don't see this happening.

JStarcher’s picture

JStarcher CreditAttribution: JStarcher commented

You don't say why this would be useful. only because vBulletin does so, isn't good enough. :)

Frankly, I don't see this happening.

Doh, you are right! Sorry about that, I'll explain further.

There are a few major reasons it has screwed me over:

  • Say "Bob" started up a web site and used Drupal for his CMS. A year goes by and Bob no longer has the funds or time to keep his popular site up anymore. Bob ends up selling the domain and web site to "Joe" so now Joe has full ownership.

    The problem becomes that since Bob started the site, his userid will be 1. Since Joe didn't come until later on, his account is under a different userid. With the current Drupal superuser system, Bob would be able to login at anytime and have full admin permissions just because his userid is 1. Joe will not be able to become the superadmin either because his userid is not 1.

  • In my development of Drupaltin, the addon scripts will fully synchronize the vBulletin user database with the Drupal database. Since vBulletin has the ability to specify the superadmin(s) userid in the config file, use vBulletin people don't have to worry about the whole userid dilemma like you would in Drupal. Due to this fact, it is often a compatibility issue for the vBulletin superadmin to become the superadmin in Drupal. If Drupal had the ability to specify which userid(s) is superadmin, it would be no problem at all.
  • Sometimes people like having more then one superadmin, usually in the case of a joint-ownership. Since Drupal automatically figures that the user with userid=1 is the superadmin, you cannot add another superadmin short of hacking the core files. If you could specify the userids in the config file, hours of work would be cut to literally seconds.

    Hope you can see where I'm coming from, if I can be more specific let me know!

    Thanks,
    Jordan

StevenPatz’s picture

StevenPatz
he/him
Primary language English
Location Alexandria VA
CreditAttribution: StevenPatz commented

I'm not following your use case. If the site is sold, shouldn't the password and login be given to whomever it is sold to, and that person be responsible to change the password?

JStarcher’s picture

JStarcher CreditAttribution: JStarcher commented

I'm not following your use case. If the site is sold, shouldn't the password and login be given to whomever it is sold to, and that person be responsible to change the password?

Well you could do that but it is rather generic to do so. If you did what you are saying, then all the old posts by the original owner would look like your posts, which would be pretty lame.

If you could just switch the superadmin userid, it would eliminate this problem completely.

mtha’s picture

mtha CreditAttribution: mtha commented

I agree with TheOverclocked.

- User profile ID should not be changed / modified/transfered over time because that userid ties with all the activities that
the account do with the site, including posting articles, books ...

- Super-Admin doesn't need to be the "founder" of the site. You can be the fist one who setup the site, but then you always can give super-admin role to someone else who can in charge of the position. You, with id = 1, cant give the "super admin-to-be" your account, because you are still active on the site.

- The ID #1 is only apply for new installed site. if you transfer from another site, or from another CMS, or integrating any other user-table, first user id is not always #1

- Hard-coded variables in script (other than in some configuration section) gives developers harder time to "develop"

I guess it wouldn't be too hard to specify another variable in configuration file, and set it to be "1"

StevenPatz’s picture

StevenPatz
he/him
Primary language English
Location Alexandria VA
CreditAttribution: StevenPatz commented
Version: 6.x-dev » 7.x-dev
JStarcher’s picture

JStarcher CreditAttribution: JStarcher commented

Very nice to see this is going in effect! There aren't any patches out yet are there? If not I might be able to come up with something. Should I wait for 6.0 to go gold before I do it though?

Jody Lynn’s picture

Jody Lynn
she/her
Primary language English
CreditAttribution: Jody Lynn commented
Priority: Normal » Minor

You can always add a new 'superuser' role to get around this limitation.

flickerfly’s picture

flickerfly CreditAttribution: flickerfly commented

This is something I'd like to see happen also. It means that sites that I setup back before I understood this could have a new user created, that user given SuperAdmin privs and then remove them from user 1. As it is, User 1 on early sites is stuck as both a "root" type of account and a regular user account because I have to move all the content and such from that account to another before it is truly separated. As it is, it works, but it could and should be better.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented
Version: 7.x-dev » 8.x-dev

If this happens, it won't be before 8.x. We do ship with an admin role now though, which should hopefully help mitigate this assumption's effects.

JStarcher’s picture

JStarcher CreditAttribution: JStarcher commented

What needs to happen to make this go through? Do I need to go through the entire 7.x core after release and make a patch for every instance of UID = 1?

StevenPatz’s picture

StevenPatz
he/him
Primary language English
Location Alexandria VA
CreditAttribution: StevenPatz commented

if this is slated for 8.x, I would say the answer to that question is yes.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented
Status: Active » Closed (duplicate)

This looks like a duplicate of #540008: Remove the special behavior of UID#1, which is older and has a patch, so closing this one.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented

Oops. Not older. But does have a patch. :)