+1
Do not prohibit what you cannot prevent.

Caleb

Denis Gervalle wrote:
> Hi devs,
>
> I would like to fix the current inconsistencies in the way the change
> password feature is implemented.
>
> Actually, to be able to change a password, you need to be able to save the
> document storing the XWikiUsers XObject. So edit right on the user profile
> is just what you require, but, if you want to use the "change password"
> feature implemented in passwd.vm, you need:
> - either being on your own profile or having global (!) admin right, just
> to see the "Change password" button
> - either being on your own profile or having (local) admin right on this
> profile, just to be able to use passwd.vm
>
> This seems to me really inconsistent, since these protections implemented in
> the UI part are either annoying or a false impression of security.
> So, I propose to simplify this by only checking the real requirements, which
> means only checking edit right on the user document?
>
> WDYT?
>
> Denis
> _______________________________________________
devs mailing list
http://lists.xwiki.org/mailman/listinfo/devs

