BUG: User Management in BE should respect user’s parent roles

[tomgloeckler]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Create a role that inherits from Neos.Neos:Administrator, assign it to your admin user account and make Neos.Neos:Administrator abstract. Now edit your account in the User Management Module, e.g. change your password. When you try to save the changes you get this „Do not lock yourself out” warning and saving is not possible.

Expected Behavior

Having a role that inherits from Neos.Neos:Administrator I expect to have all the parent role’s privileges when editing users/accounts in the backend.

Steps To Reproduce

(see above)

Environment

- Flow: 8.3.12
- Neos: 8.3.18
- PHP: 8.2

Anything else?

This is what a potential solution could look like – take all parent roles into account:

# Neos\Neos\Controller\Module\Administration\UsersController L. 372
foreach ($roleIdentifiers as $roleIdentifier) {
    $role = $this->policyService->getRole($roleIdentifier);
    $roles[$roleIdentifier] = $role;
    foreach($role->getAllParentRoles() as $parentRoleIdentifier => $parentRole) {
        if(!isset($roles[$parentRoleIdentifier])) {
            $roles[$parentRoleIdentifier] = $parentRole;
	} 
    }
}