#400 add defanged_admin config to allow disabling of risky actions

lib/App/Netdisco/Web/AdminTask.pm

@@ -44,7 +44,7 @@ foreach my $action (@{ setting('job_prio')->{high} },
     };
 }
 
-ajax qr{/ajax/control/admin/(?:\w+/)?delete} => require_role admin => sub {
+ajax qr{/ajax/control/admin/(?:\w+/)?delete} => require_role setting('defanged_admin') => sub {
     send_error('Missing device', 400) unless param('device');
 
     my $device = NetAddr::IP->new(param('device'));

lib/App/Netdisco/Web/Plugin/AdminTask/Users.pm

@@ -31,7 +31,7 @@ sub _make_password {
   }
 }
 
-ajax '/ajax/control/admin/users/add' => require_role admin => sub {
+ajax '/ajax/control/admin/users/add' => require_role setting('defanged_admin') => sub {
     send_error('Bad Request', 400) unless _sanity_ok();
 
     schema('netdisco')->txn_do(sub {
@@ -48,7 +48,7 @@ ajax '/ajax/control/admin/users/add' => require_role admin => sub {
     });
 };
 
-ajax '/ajax/control/admin/users/del' => require_role admin => sub {
+ajax '/ajax/control/admin/users/del' => require_role setting('defanged_admin') => sub {
     send_error('Bad Request', 400) unless _sanity_ok();
 
     schema('netdisco')->txn_do(sub {
@@ -57,7 +57,7 @@ ajax '/ajax/control/admin/users/del' => require_role admin => sub {
     });
 };
 
-ajax '/ajax/control/admin/users/update' => require_role admin => sub {
+ajax '/ajax/control/admin/users/update' => require_role setting('defanged_admin') => sub {
     send_error('Bad Request', 400) unless _sanity_ok();
 
     schema('netdisco')->txn_do(sub {

share/config.yml

@@ -193,6 +193,7 @@ port_control_reasons:
 check_userlog: true
 devport_vlan_limit: 150
 login_logo: ""
+defanged_admin: 'admin'
 
 # -------------
 # NETDISCO CORE