Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5674

Allow ability to disable user profile updates in Crowd

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Unresolved
    • None
    • Core features
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      As part of https://jira.atlassian.com/browse/CWD-306, it allowed users to manage their accounts and view their details in a 'self service' console. With this users can update their profiles.

      There is an ask from Customers to Allow ability to disable user profile updates in Crowd and only allow them to update/reset the password.

      Expectation is that the users can only update the password. All other changes should  be done by an Administrator.

      Workaround

      As a workaround, we can modify the editprofile.jsp file, in order to block the update action from normal users, as follows:

      1. Stop Crowd
      2. Edit the <crowd-install>/crowd/atlassian-crowd-4.1.6-nested/crowd-webapp/console/user/editprofile.jsp file
      3. In the file, search for the following section: 
        <%-- action scoped variable to indicate whether the current user has permission to update profile or not --%>
<ww:set var="canUpdateProfile" value="hasUpdateProfilePermission()" />
      4. Edit it, adding a new scoped variable, as follows: 
        <%-- action scoped variable to indicate whether the current user has permission to update profile or not --%>
<ww:set var="canUpdateProfile" value="hasUpdateProfilePermission()" />
<ww:set var="isSysAdmin" value="sysAdmin == true" />
      5. Then, in the bottom of the file, search for the following section: 
        <ww:param name="action"><ww:url namespace="/console/user" action="updateprofile" includeParams="none"/></ww:param>
      6. Edit this part, surrounding the line between an if statement, as follows: 
        <ww:if test="#isSysAdmin">
        <ww:param name="action"><ww:url namespace="/console/user" action="updateprofile" includeParams="none"/></ww:param>
</ww:if>
      7. Start Crowd again.

      With the above, the Save button will still be there, but it won't trigger any update action.
      If you also wish to remove the button, proceed as follows:

      1. Find the following line: 
        <ww:param name="includeSubmitButton" value="#canUpdateProfile"/>
      2. Adjust the value argument, as follows: 
        <ww:param name="includeSubmitButton" value="#isSysAdmin"/>
      3. Restart Crowd.

      Attachments

        Issue Links

          is cloned by

          KRAK-4564 Loading...

          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              ac6d7f363e18 Anuj Sharma
              Votes:
              6 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated: