You cannot edit a user if you are authenticated with a Site Administrator.
Describe the bug
If you are authenticated with a Site Administrator and try to edit any user, the error occurs:
{
"message": "You can only change your OWN login name.",
"type": "Unauthorized"
}
To Reproduce
Steps to reproduce the behavior:
- Authenticate with a Site Administrator role user.
- Go to the user listing page: http://localhost:3000/controlpanel/users
- Click on the three dots of any other user
- Click on Edit.
- Click Save
- See the error in the console. The screen remains unchanged.
Expected behavior
The user must be saved.
Software (please complete the following information):
- OS: [e.g. iOS]
- Browser: Chrome
- Volto Version: 18.0.0-alpha.41
- Plone Version: 6.0.11
- Plone REST API Version: 9.7.0
Additional context
Maybe a solution is to remove the username from the edit form.
Is this behavior consistent with or different from Plone Classic UI?
Can you change your own username?
> Is this behavior consistent with or different from Plone Classic UI?
In classic Plone it is not possible to change the login name. To see:
> Can you change your own username?
To change your own username, you would need to have the manage user permission. In other words, you would have to be a Manager or Site Administrator. But I find that strange. Perhaps the best thing would be to prohibit the change, as occurs in classic Plone.
Volto should align with Classic UI in functionality in control panels. The fewer functional differences between the two, the better. I'd say prohibit changing the username.
FWIW, I did not see how to change my own username or another user's username when logged in as a Site Administrator.
> FWIW, I did not see how to change my own username or another user's username when logged in as a Site Administrator.
See the To Reproduce item in the issue description.
> > FWIW, I did not see how to change my own username or another user's username when logged in as a Site Administrator.
>
> See the To Reproduce item in the issue description.
I still don't see it on https://demo.plone.org/controlpanel/users.
I set up two users as Site Admins:
- test/testtest
- testtest2/testtest2
I can change their Full Name, but there is no username in the edit form.
@stevepiercy https://demo.plone.org uses Volto 17. This functionality is new in Volto 18.
Or rather, I think this functionality already existed in Volto 17. I'm going to do a test on Volto 18, to see if this is really possible.
@stevepiercy the username really does not appear in the form. But the request made to the backend sends the username anyway.
@wesleybl I'm still not clear what is the problem and what is the desired behavior. Given username is not in the edit form, in Volto 17 or 18, then I don't understand what the problem is.
@stevepiercy Even though the username is not visually present in the form, when we try to save it, the username is sent in the request made to the backend, causing the error.
If you follow the steps in "To reproduce", you will see the error. We were unable to save the form. Remember that we must be authenticated with the Site Administrator. A Manager can save the form.
I am working on this. @stevepiercy @wesleybl
@Ameerjafar please read and follow First-time contributors, especially Things not to do, Contributing to Plone, and Contributing to Volto.
@stevepiercy I am not getting any error when I am trying to save the form, but when we are trying to save the form the API sends the username as payload.
And also I have a question: even if we didn't change anything in the form, why are we sending a request to the backend?
> I am not getting any error when I am trying to save the form, but when we are trying to save the form the API sends the username as payload.
@Shyam-Raghuwanshi You need to be authenticated with a user with the Site Administrator role to see the error. You were probably authenticated with a Manager role when you made the test.
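One way a client can avoid the failure described in this thread, as an added example that is not Volto or plone.restapi code: send only the fields the form actually changed and never echo back hidden fields such as the username. `buildUserPatch`, `mockBackendPatch` and the sample user are hypothetical, and the mock is a simplified model of the backend behaviour reported above.

```javascript
// Added example: hypothetical helper names, not Volto or plone.restapi code.

// Fields the edit form never exposes; they must not be echoed back in a PATCH.
const READ_ONLY_FIELDS = ['id', 'username', '@id'];

// Compare plain JSON values, ignoring object key order.
function sameValue(a, b) {
  const norm = (v) =>
    Array.isArray(v)
      ? v.map(norm)
      : v && typeof v === 'object'
      ? Object.fromEntries(Object.keys(v).sort().map((k) => [k, norm(v[k])]))
      : v;
  return JSON.stringify(norm(a)) === JSON.stringify(norm(b));
}

// Return only the fields that were actually changed, or null if none were,
// so the caller can skip the request entirely.
function buildUserPatch(original, edited, readOnly = READ_ONLY_FIELDS) {
  const patch = {};
  for (const [key, value] of Object.entries(edited)) {
    if (readOnly.includes(key)) continue;
    if (!sameValue(original[key], value)) patch[key] = value;
  }
  return Object.keys(patch).length ? patch : null;
}

// Simplified stand-in (assumption) for the backend rule reported in this
// thread: a payload carrying "username" is refused unless the caller is a Manager.
function mockBackendPatch(callerRoles, payload) {
  if ('username' in payload && !callerRoles.includes('Manager')) {
    return {
      ok: false,
      body: { message: 'You can only change your OWN login name.', type: 'Unauthorized' },
    };
  }
  return { ok: true, body: null };
}

// Constructed sample data: the stored user and the form after editing Full Name.
const stored = { id: 'test', username: 'test', fullname: 'Test', email: 'test@example.org' };
const form = { ...stored, fullname: 'Test User' };

const whole = mockBackendPatch(['Site Administrator'], form); // whole form echoed back
const minimal = mockBackendPatch(['Site Administrator'], buildUserPatch(stored, form));
console.log({ wholeFormAccepted: whole.ok, minimalPatchAccepted: minimal.ok });
```

The server-side permission check stays the authority on who may change a login name; trimming the payload only stops the client from requesting a change the user never made.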