Hi devs, I would like to fix the current inconsistencies in the way the change password feature is implemented.
Actually, to be able to change a password, you need to be able to save the document storing the XWikiUsers XObject. So edit right on the user profile is just what you require, but, if you want to use the "change password" feature implemented in passwd.vm, you need: - either being on your own profile or having global (!) admin right, just to see the "Change password" button - either being on your own profile or having (local) admin right on this profile, just to be able to use passwd.vm This seems to me really inconsistant, since these protections implemented in the UI part are either annoying or a false impression of security. So, I propose to simplify this by only checking the real requirements, which means only checking edit right on the user document ? WDYT ? Denis -- Denis Gervalle SOFTEC sa - CEO eGuilde sarl - CTO _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
