Allowing Mods to reset user passwords.

MartinJD

Hi All, not sure if this is a bug or not really, but i'll give you a scenario:
As an Admin, you want to give the mods the ability to edit/reset user passwords.

So you give the mod group permission to edit users. However, now the mods are able to add members (including themselves) to the admin group (via the users settings on the user directory).

Is this expected? It would be useful to delegate password resets. I would expect that only admins are allowed to add/remove users from the admin group?

Kylo

MartinJD It's a known issue flarum/core1965

MartinJD

cool, thanks kylo. Feel free to delete the thread mods.

Mark73

I see that the team has come up with a solution flarum/core2113
But aren't we lacking a permission to edit profile pictures? As the current 'edit users' permission lets you edit profile pictures freely.

tankerkiller125

Mark73 Thanks for pointing this out. I'll probably update the PR later this afternoon to add one more permission for editing the user profile image.

Mark73

tankerkiller125 I just remembered something. The ability to activate the user's email, I'm not sure if this is included with the 'edit credentials' permission already or it has to be added as a separate permission. I'm pointing it out just in case...