Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-5674

Allow ability to disable user profile updates in Crowd

    XMLWordPrintable

    Details

    • Type: Suggestion
    • Status: Gathering Interest (View Workflow)
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Core features
    • Labels:
      None
    • Feedback Policy:

      Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Description

      As part of https://jira.atlassian.com/browse/CWD-306, it allowed users to manage their accounts and view their details in a 'self service' console. With this users can update their profiles.

      There is an ask from Customers to Allow ability to disable user profile updates in Crowd and only allow them to update/reset the password.

      Expectation is that the users can only update the password. All other changes should  be done by an Administrator.

      Workaround

      As a workaround, we can modify the editprofile.jsp file, in order to block the update action from normal users, as follows:

      1. Stop Crowd
      2. Edit the <crowd-install>/crowd/atlassian-crowd-4.1.6-nested/crowd-webapp/console/user/editprofile.jsp file
      3. In the file, search for the following section:
        <%-- action scoped variable to indicate whether the current user has permission to update profile or not --%>
        <ww:set var="canUpdateProfile" value="hasUpdateProfilePermission()" />
        
      4. Edit it, adding a new scoped variable, as follows:
        <%-- action scoped variable to indicate whether the current user has permission to update profile or not --%>
        <ww:set var="canUpdateProfile" value="hasUpdateProfilePermission()" />
        <ww:set var="isSysAdmin" value="sysAdmin == true" />
        
      5. Then, in the bottom of the file, search for the following section:
        <ww:param name="action"><ww:url namespace="/console/user" action="updateprofile" includeParams="none"/></ww:param>
        
      6. Edit this part, surrounding the line between an if statement, as follows:
        <ww:if test="#isSysAdmin">
                <ww:param name="action"><ww:url namespace="/console/user" action="updateprofile" includeParams="none"/></ww:param>
        </ww:if>
        
      7. Start Crowd again.

      With the above, the Save button will still be there, but it won't trigger any update action.
      If you also wish to remove the button, proceed as follows:

      1. Find the following line:
        <ww:param name="includeSubmitButton" value="#canUpdateProfile"/>
        
      2. Adjust the value argument, as follows:
        <ww:param name="includeSubmitButton" value="#isSysAdmin"/>
        
      3. Restart Crowd.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            ac6d7f363e18 Anuj Sharma
            Votes:
            6 Vote for this issue
            Watchers:
            7 Start watching this issue

              Dates

              Created:
              Updated: