[MAGNOLIA-574] User preferences Created: 12/Oct/05 Updated: 23/Jan/13 Resolved: 29/Sep/08 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | admininterface |
| Affects Version/s: | None |
| Fix Version/s: | 4.0 |
| Type: | New Feature | Priority: | Major |
| Reporter: | Boris Kraft | Assignee: | Jan Haderka |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||
| Template: |
|
||||||||||||||||||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||||||||||||||||||
| Description |
|
Mechanisms to have user preferences so that each user can change his own preferences like password (obviously), email, name, language but also other stuff (extensible) - one example is the change notification scheme. see |
| Comments |
| Comment by Philipp Bracher [ 17/May/06 ] |
|
The user dialog should be configurable like the others |
| Comment by Magnolia International [ 24/Aug/07 ] |
|
related to the public user registration project (see MGNLPUR) |
| Comment by Magnolia International [ 24/Aug/07 ] |
| Comment by Magnolia International [ 06/Jun/08 ] |
|
Could we - for 3.6 or 3.7 - just have the logged in username clickable, which would open the user's own edit dialog ? |
| Comment by Jan Haderka [ 11/Aug/08 ] |
|
Actually by default users do not have even read rights to their own node at the moment. ERROR info.magnolia.module.admininterface.DialogMVCHandler DialogMVCHandler.java(getStorageNode:359) 11.08.2008 14:49:34 can't read content to edit info.magnolia.cms.security.AccessDeniedException: User not allowed to Read path [/admin/test] |
| Comment by Jan Haderka [ 12/Aug/08 ] |
|
when preferences are changed via user preferences dialog linked directly from the main frame (by clicking on the user name in right top corner), whole frame is reloaded and therefore even menu and top header is updated. |
| Comment by Jan Haderka [ 13/Aug/08 ] |
|
r17287 |
| Comment by Fabrizio Giustina [ 13/Aug/08 ] |
|
wow, looks a little bit too "open"! We should create a specific dialog for this preferences, without the group/roles section, and be sure that the automatically added acls don't allow changing its own groups... |
| Comment by Fabrizio Giustina [ 13/Aug/08 ] |
|
hint: maybe we could just leave the user acls as they are now, without adding any specific permission for changing their own details (maybe adding only READ permissions). |
| Comment by Jan Haderka [ 14/Aug/08 ] |
|
The problems you mention are not a problem of exposing the user preferences dialog. Please see |
| Comment by Fabrizio Giustina [ 14/Aug/08 ] |
|
> The problems you mention are not a problem of exposing the user preferences dialog |
| Comment by Jan Haderka [ 14/Aug/08 ] |
|
I think that when the other related issues are resolved user won't be able to assign themselves groups/roles they do not have access to. The nwe can discuss whether it is appropriate to also disable this option in the dialog or not. But first of all we have to make sure users are not able to widen their own privileges themselves. |
| Comment by Jan Haderka [ 29/Sep/08 ] |
|
reverting fix in 3.6.x due to security concerns (users can lock themselves out of system). For details see |
| Comment by Jan Haderka [ 29/Sep/08 ] |
|
Keeping for 3.7 |