Hi devs,
I would like to fix the current inconsistencies in the way the change
password feature is implemented.
Actually, to be able to change a password, you need to be able to save the
document storing the XWikiUsers XObject. So edit right on the user profile
is just what you require, but, if you want to use the "change password"
feature implemented in passwd.vm, you need:
- either being on your own profile or having global (!) admin right, just
to see the "Change password" button
- either being on your own profile or having (local) admin right on this
profile, just to be able to use passwd.vm
This seems to me really inconsistant, since these protections implemented in
the UI part are either annoying or a false impression of security.
So, I propose to simplify this by only checking the real requirements, which
means only checking edit right on the user document ?
WDYT ?
Denis
--
Denis Gervalle
SOFTEC sa - CEO
eGuilde sarl - CTO