incubator-answer
incubator-answer copied to clipboard
apache
Admin able to update email of user
Is your enhancement request related to a problem? Please describe
On Explicit requests when user wishes to change email of their account they can request admin to do so.
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
@Octobug Yeah I got what you mean. But the deterrence is email serves as user identity (i.e. email ID must be unique) and another difference is user won't be able to do this (I don't recommend users to change their email directly, that's why suggested admin route)
I agree in terms of implementation, its sub-set of a feature.
@Octobug Yeah I got what you mean. But the deterrence is email serves as user identity (i.e. email ID must be unique) and another difference is user won't be able to do this (I don't recommend users to change their email directly, that's why suggested admin route)
I agree in terms of implementation, its sub-set of a feature.
Yes, this issue does need more consideration. This "Explicit requests" process requires some security mechanism to prove that a request is sent by the true owner of that account. An admin cannot simply change email for a user when he receives a request.
As for #346 , it lets the admin do that change when the admin is confident about the changing. It doesn't involve the aspect of how a user proves who he is.
This "Explicit requests" process requires some security mechanism to prove that a request is sent by the true owner of that account. An admin cannot simply change email for a user when he receives a request.
@Octobug Ah, I didn't say that you expressed that in https://github.com/apache/incubator-answer/issues/853#issuecomment-2017771967. Even this https://github.com/apache/incubator-answer/issues/853 doesn't involve the aspect of how a user proves who he is.
Email is treated separately as it has more purpose compared to other data like name, profile picture and bio.
@surapuramakhil I just suddenly realized that there might be security issues in the request process. Sorry to confuse you. 😂
Admin processing approval process off system. So admin needs to handle security issues :joy: Even today admin can do this by DB udpated. This feature just saves their life.
Email and username must be unique, modifying the database directly can be dangerous. Add the "Edith profile" menu in Admin -> Users for easy solving.
@fenbox I would like to work on this.
Should the end user receive a notification about this? Also, what should be the I8n guidelines for the new text?
@fenbox I would like to work on this.
Should the end user receive a notification about this? Also, what should be the I8n guidelines for the new text?
@prithvidasgupta This feature is an operation where the administrator enforces changes, which can be modified directly. So, there is no need to notify the user or send an email confirmation.
@fenbox I have been busy with interview preparation and didn't get a chance to look at this. I think someone else should pick it up.
