There is a check done in _user_resource_update() to ensure that a user is only able to edit their username if they have the "change own username" permission. This is similar to the check done in user_edit_form(), but unlike the form, the resource doesn't allow a user with "administer users" to update the value.

CommentFileSizeAuthor
#1 administer-username-1909926-1.patch968 byteskevin.dutra

Comments

kevin.dutra’s picture

Status: Active » Needs review
StatusFileSize
new968 bytes

Here's a suggested patch.

kylebrowning’s picture

Status: Needs review » Reviewed & tested by the community
kylebrowning’s picture