Rename config to elevated_sessions_enabled with true default.

1stevengrant · 1stevengrant · commit 5158dfe3a357 · 2026-04-10T08:38:47.000+12:00
diff --git a/config/users.php b/config/users.php
@@ -187,12 +187,12 @@
     | Elevated Session Disabled
     |--------------------------------------------------------------------------
     |
-    | Here you may disable elevated sessions entirely. This can be
-    | useful when using OAuth.
+    | Here you may enable or disable elevated sessions. Disabling
+    | can be useful when using OAuth.
     |
     */
 
-    'elevated_session_disabled' => false,
+    'elevated_sessions_enabled' => true,
 
     /*
     |--------------------------------------------------------------------------
diff --git a/src/Http/Controllers/CP/CpController.php b/src/Http/Controllers/CP/CpController.php
@@ -72,7 +72,7 @@ public function authorizeProIf($condition)
 
     public function requireElevatedSession(): void
     {
-        if (! config('statamic.users.elevated_session_disabled') && ! request()->hasElevatedSession()) {
+        if (config('statamic.users.elevated_sessions_enabled') && ! request()->hasElevatedSession()) {
             throw new ElevatedSessionAuthorizationException;
         }
     }
diff --git a/src/Http/Middleware/CP/RequireElevatedSession.php b/src/Http/Middleware/CP/RequireElevatedSession.php
@@ -9,7 +9,7 @@ class RequireElevatedSession
 {
     public function handle($request, Closure $next)
     {
-        if (! config('statamic.users.elevated_session_disabled') && ! $request->hasElevatedSession()) {
+        if (config('statamic.users.elevated_sessions_enabled') && ! $request->hasElevatedSession()) {
             throw new ElevatedSessionAuthorizationException;
         }
 
diff --git a/tests/Auth/ElevatedSessionTest.php b/tests/Auth/ElevatedSessionTest.php
@@ -303,7 +303,7 @@ public function middleware_denies_request_when_elevated_session_has_expired_via_
     #[Test]
     public function middleware_does_not_require_elevated_session_when_elevated_session_is_disabled()
     {
-        config(['statamic.users.elevated_session_disabled' => true]);
+        config(['statamic.users.elevated_sessions_enabled' => false]);
 
         $this->actingAs($this->user);
 
@@ -316,7 +316,7 @@ public function middleware_does_not_require_elevated_session_when_elevated_sessi
     #[Test]
     public function middleware_does_not_require_elevated_session_when_elevated_session_is_disabled_even_if_session_expired()
     {
-        config(['statamic.users.elevated_session_disabled' => true]);
+        config(['statamic.users.elevated_sessions_enabled' => false]);
 
         $this->actingAs($this->user);
 
@@ -330,7 +330,7 @@ public function middleware_does_not_require_elevated_session_when_elevated_sessi
     #[Test]
     public function middleware_does_not_require_elevated_session_when_elevated_session_is_disabled_via_json()
     {
-        config(['statamic.users.elevated_session_disabled' => true]);
+        config(['statamic.users.elevated_sessions_enabled' => false]);
 
         $this->actingAs($this->user);
 
diff --git a/tests/Feature/Roles/StoreRoleTest.php b/tests/Feature/Roles/StoreRoleTest.php
@@ -71,7 +71,7 @@ public function it_denies_access_without_active_elevated_session()
     #[Test]
     public function it_allows_storing_a_role_without_elevated_session_when_elevated_sessions_are_disabled()
     {
-        config(['statamic.users.elevated_session_disabled' => true]);
+        config(['statamic.users.elevated_sessions_enabled' => false]);
 
         $this
             ->actingAsUserWithPermissions(['edit roles'])

Original file line number	Diff line number	Diff line change
`@@ -187,12 +187,12 @@`
`187`	`187`	`\| Elevated Session Disabled`
`188`	`188`	`\|--------------------------------------------------------------------------`
`189`	`189`	`\|`
`190`		`- \| Here you may disable elevated sessions entirely. This can be`
`191`		`- \| useful when using OAuth.`
	`190`	`+ \| Here you may enable or disable elevated sessions. Disabling`
	`191`	`+ \| can be useful when using OAuth.`
`192`	`192`	`\|`
`193`	`193`	`*/`
`194`	`194`
`195`		`- 'elevated_session_disabled' => false,`
	`195`	`+ 'elevated_sessions_enabled' => true,`
`196`	`196`
`197`	`197`	`/*`
`198`	`198`	`\|--------------------------------------------------------------------------`
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ public function authorizeProIf($condition)`
`72`	`72`
`73`	`73`	`public function requireElevatedSession(): void`
`74`	`74`	`{`
`75`		`- if (! config('statamic.users.elevated_session_disabled') && ! request()->hasElevatedSession()) {`
	`75`	`+ if (config('statamic.users.elevated_sessions_enabled') && ! request()->hasElevatedSession()) {`
`76`	`76`	`throw new ElevatedSessionAuthorizationException;`
`77`	`77`	`}`
`78`	`78`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ class RequireElevatedSession`
`9`	`9`	`{`
`10`	`10`	`public function handle($request, Closure $next)`
`11`	`11`	`{`
`12`		`- if (! config('statamic.users.elevated_session_disabled') && ! $request->hasElevatedSession()) {`
	`12`	`+ if (config('statamic.users.elevated_sessions_enabled') && ! $request->hasElevatedSession()) {`
`13`	`13`	`throw new ElevatedSessionAuthorizationException;`
`14`	`14`	`}`
`15`	`15`
Original file line number	Diff line number	Diff line change
`@@ -303,7 +303,7 @@ public function middleware_denies_request_when_elevated_session_has_expired_via_`
`303`	`303`	`#[Test]`
`304`	`304`	`public function middleware_does_not_require_elevated_session_when_elevated_session_is_disabled()`
`305`	`305`	`{`
`306`		`- config(['statamic.users.elevated_session_disabled' => true]);`
	`306`	`+ config(['statamic.users.elevated_sessions_enabled' => false]);`
`307`	`307`
`308`	`308`	`$this->actingAs($this->user);`
`309`	`309`
`@@ -316,7 +316,7 @@ public function middleware_does_not_require_elevated_session_when_elevated_sessi`
`316`	`316`	`#[Test]`
`317`	`317`	`public function middleware_does_not_require_elevated_session_when_elevated_session_is_disabled_even_if_session_expired()`
`318`	`318`	`{`
`319`		`- config(['statamic.users.elevated_session_disabled' => true]);`
	`319`	`+ config(['statamic.users.elevated_sessions_enabled' => false]);`
`320`	`320`
`321`	`321`	`$this->actingAs($this->user);`
`322`	`322`
`@@ -330,7 +330,7 @@ public function middleware_does_not_require_elevated_session_when_elevated_sessi`
`330`	`330`	`#[Test]`
`331`	`331`	`public function middleware_does_not_require_elevated_session_when_elevated_session_is_disabled_via_json()`
`332`	`332`	`{`
`333`		`- config(['statamic.users.elevated_session_disabled' => true]);`
	`333`	`+ config(['statamic.users.elevated_sessions_enabled' => false]);`
`334`	`334`
`335`	`335`	`$this->actingAs($this->user);`
`336`	`336`
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ public function it_denies_access_without_active_elevated_session()`
`71`	`71`	`#[Test]`
`72`	`72`	`public function it_allows_storing_a_role_without_elevated_session_when_elevated_sessions_are_disabled()`
`73`	`73`	`{`
`74`		`- config(['statamic.users.elevated_session_disabled' => true]);`
	`74`	`+ config(['statamic.users.elevated_sessions_enabled' => false]);`
`75`	`75`
`76`	`76`	`$this`
`77`	`77`	`->actingAsUserWithPermissions(['edit roles'])`