The administrator should have the option to disable the settings functionality.
Right now this is achievable by unsetting the
secret_key
value in one's config. This works because the settings values are presently stored in a cookie, which needs thesecret_key
to work.Once these are moved over to JS-based WebStorage, a proper, specific config option will be needed for this.