Closed (fixed)
Project:
Services
Version:
7.x-3.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
29 Nov 2012 at 04:30 UTC
Updated:
29 Jan 2014 at 18:20 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
marcingy commentedThis makes sense.
Comment #2
kylebrowning commentedFixed and commited in both 6.x and 7.x and attributed to --author="jonathanhunt "
Comment #3
usonian commentedI found my way to this issue because I was getting the 'You are not allowed to change your username' issue when trying to use the user update API method as a user that definitely has 'administer user' permissions.
Unless I'm misunderstanding the intended logic, shouldn't the call to user_access('administer user') permission be negated, so the logic goes like:
IF
the account name is set AND the account name does not equal the current user's name AND the current user does NOT have the 'change own username' permission,
OR
the current user does NOT have the 'administer users' permission
THEN
Return the 'You are not allowed to change your username' error.
Comment #4
kylebrowning commentedusonian, fixed in dex for 6.x and 7.x
Comment #5
kevin.dutra commentedThis patch did not get correctly applied to 6.x-3.x. There's a set of parens missing, so it's currently
but should be
Remarking as RTBC since it was already accepted.
Comment #6
kylebrowning commentedWoops, fixed.
Comment #8
frega commentedReopening this rather than #1419506: User update resource allows name update without 'Change own username' permission because this is more recent commit 614b94a7c08ee67adc557819b2a86c1d630a995e references this issue.
The name-change permission check is correct in the 6.x-3.x branch but it isn't correct in the 7.x-3.x branch.
6.x-3.x logic: services_error if name change and user has NOT ( either 'change own username' OR 'administer users' permission, i.e. neither )
7.x-3.x logic: services_error if name change and user has NOT ( 'change own username' OR NOT 'administer users' permission)
For 7.x-3.x the line reads:
For 6.x-3.x accordingly:
Please find a micro patch attached - i know a test would be great :(
Comment #9
kylebrowning commentedHeres a patch with a test, if green, will commit
Comment #10
kylebrowning commentedgreen light!
Comment #11
kylebrowning commented