-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
7
-
As part of https://jira.atlassian.com/browse/CWD-306, it allowed users to manage their accounts and view their details in a 'self service' console. With this users can update their profiles.
There is an ask from Customers to Allow ability to disable user profile updates in Crowd and only allow them to update/reset the password.
Expectation is that the users can only update the password. All other changes should be done by an Administrator.
Workaround
As a workaround, we can modify the editprofile.jsp file, in order to block the update action from normal users, as follows:
- Stop Crowd
- Edit the <crowd-install>/crowd/atlassian-crowd-4.1.6-nested/crowd-webapp/console/user/editprofile.jsp file
- In the file, search for the following section:
<%-- action scoped variable to indicate whether the current user has permission to update profile or not --%> <ww:set var="canUpdateProfile" value="hasUpdateProfilePermission()" />
- Edit it, adding a new scoped variable, as follows:
<%-- action scoped variable to indicate whether the current user has permission to update profile or not --%> <ww:set var="canUpdateProfile" value="hasUpdateProfilePermission()" /> <ww:set var="isSysAdmin" value="sysAdmin == true" />
- Then, in the bottom of the file, search for the following section:
<ww:param name="action"><ww:url namespace="/console/user" action="updateprofile" includeParams="none"/></ww:param>
- Edit this part, surrounding the line between an if statement, as follows:
<ww:if test="#isSysAdmin"> <ww:param name="action"><ww:url namespace="/console/user" action="updateprofile" includeParams="none"/></ww:param> </ww:if>
- Start Crowd again.
With the above, the Save button will still be there, but it won't trigger any update action.
If you also wish to remove the button, proceed as follows:
- Find the following line:
<ww:param name="includeSubmitButton" value="#canUpdateProfile"/> - Adjust the value argument, as follows:
<ww:param name="includeSubmitButton" value="#isSysAdmin"/> - Restart Crowd.
[CWD-5674] Allow ability to disable user profile updates in Crowd
| Support reference count | New: 7 |
| Remote Link | New: This issue links to "Page (Confluence)" [ 611983 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 608658 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 605317 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 604739 ] |
| Remote Link | New: This issue links to "KRAK-4564 (Current JIRA)" [ 604390 ] |
| Description |
Original:
As part of https://jira.atlassian.com/browse/CWD-306, it allowed users to manage their accounts and view their details in a 'self service' console. With this users can update their profiles.
There is an ask from Customers to Allow ability to disable user profile updates in Crowd and only allow them to update/reset the password. Expectation is that the users can only update the password. All other changes should be done by an Administrator. |
New:
As part of https://jira.atlassian.com/browse/CWD-306, it allowed users to manage their accounts and view their details in a 'self service' console. With this users can update their profiles.
There is an ask from Customers to Allow ability to disable user profile updates in Crowd and only allow them to update/reset the password. Expectation is that the users can only update the password. All other changes should be done by an Administrator. h3. Workaround As a workaround, we can modify the *editprofile.jsp* file, in order to block the update action from normal users, as follows: # Stop Crowd # Edit the {{<crowd-install>/crowd/atlassian-crowd-4.1.6-nested/crowd-webapp/console/user/editprofile.jsp}} file # In the file, search for the following section: {code:xml} <%-- action scoped variable to indicate whether the current user has permission to update profile or not --%> <ww:set var="canUpdateProfile" value="hasUpdateProfilePermission()" /> {code} # Edit it, adding a new scoped variable, as follows: {code:xml} <%-- action scoped variable to indicate whether the current user has permission to update profile or not --%> <ww:set var="canUpdateProfile" value="hasUpdateProfilePermission()" /> <ww:set var="isSysAdmin" value="sysAdmin == true" /> {code} # Then, in the bottom of the file, search for the following section: {code:xml} <ww:param name="action"><ww:url namespace="/console/user" action="updateprofile" includeParams="none"/></ww:param> {code} # Edit this part, surrounding the line between an if statement, as follows: {code:xml} <ww:if test="#isSysAdmin"> <ww:param name="action"><ww:url namespace="/console/user" action="updateprofile" includeParams="none"/></ww:param> </ww:if> {code} # Start Crowd again. With the above, the *Save* button will still be there, but it won't trigger any update action. If you also wish to remove the button, proceed as follows: # Find the following line: {code:xml} <ww:param name="includeSubmitButton" value="#canUpdateProfile"/> {code} # Adjust the value argument, as follows: {code:xml} <ww:param name="includeSubmitButton" value="#isSysAdmin"/> {code} # Restart Crowd. |