Allow users with ManageUsers permission to edit local user's email addresses #6183
danimo wants to merge 2 commits into bigbluebutton:master from
77ec82f to d34f51b
I initially got the logic wrong during refactoring until I was alerted to it by gaja (tnx!). Please double-check before merging!
d34f51b to 6a9f05e
…dresses Cleaned up the logic in UsersController along the way.
6a9f05e to 6cc3879
thumbs up!
There's been some back and forth discussion here: #5593. I've always been of the idea that an admin can do whatever they want - so I think this is a good middle solution
| return %i[password avatar language role_id invite_token] if external_auth? && !is_admin | ||
| permitted = %i[password avatar language role_id invite_token] | ||
| permitted.push(:name) if is_user_manager || !external_auth? | ||
| permitted.push(:email) if is_user_manager |
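Review bot: the last added line, `permitted.push(:email) if is_user_manager`, has no `external_auth?` term, unlike the `:name` line above it, so a user manager can also rewrite the email of an account that signs in through an external provider, although the PR title scopes the change to local users. If the email is what ties the record to the external identity, such an edit can detach the account or point it at a different identity. Consider checking that the target user is local before permitting `:email`, or documenting why external accounts are included. Separately, the removed early return keyed on `is_admin` while the new lines key on `is_user_manager`; the hunk does not show how the two relate, so confirm that no role gains or loses `:name` unintentionally.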
Allowing the admin to change an external user's email might be problematic - especially if things aren't configured correctly
I'd argue that this should be a local user thing, but I imagine that's not what most people would need this for
> Allowing the admin to change an external user's email might be problematic - especially if things aren't configured correctly
It depends a bit if email is the identifying key (or if the email fallback is activated). Anyway, if you feel like it is warranted, I can add a note in the documentation.