User module sets #access to the username and status fields to false unless the user has administer users permission. This module needs to override that if it is granting access to edit the user, otherwise not all properties can be properly edited.

Comments

mrfelton’s picture

Status:Active» Fixed

Fixed in dev

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Rob230’s picture

Issue summary:View changes
Status:Closed (fixed)» Needs work

It seems that after installing the dev version everyone is allowed to edit their own username, regardless of the 'change own username' permission.

Expected beheviour would be that only users with the 'edit users with role x' permission would be able to change usernames (and everything else) of users with that role.

This is because in administerusersbyrole_form_user_profile_form_alter() you have:

<?php
$admin
= _administerusersbyrole_can_edit_user($account);
$admin = !empty($admin) ? TRUE : user_access('administer users');
$form['account']['name']['#access'] = ($register || ($user->uid == $account->uid && user_access('change own username')) || $admin);
?>

And at the start of _administerusersbyrole_can_edit_user() is:

<?php
if ($account->uid == $user->uid) {
  return
TRUE;
}
?>

Therefore everyone is considered an admin on their own page, so everyone will be allowed to edit their username and the 'change own username' permission is being ignored.

AdamPS’s picture

Assigned:Unassigned» AdamPS
Issue tags:+beta2

In #3

Expected beheviour would be that only users with the 'edit users with role x' permission would be able to change usernames (and everything else) of users with that role.

You can also edit your own account if you have 'administer users' permission. So I think we can extend that in our module to say you can edit your own username if you have permissions that would allow editing of it as an admin based on roles (i.e. even if it wasn't your account you own could edit it).

I would like to fix this as part of #2378869: Meta-issue for Beta 2 release. Please sign up as a follower of that issue. However note that the first patch just posted doesn't solve it.

  • mrfelton committed 9cad4b7 on 7.x-2.x
    Issue #1940874 by mrfelton: Fixed Unable to edit username or status if...
AdamPS’s picture

Fix now available in latest release

AdamPS’s picture

Version:7.x-1.x-dev» 7.x-2.0-beta1
Status:Needs work» Fixed
AdamPS’s picture

Status:Fixed» Closed (fixed)