Admin cannot update own mail or set a password

Scumi

Hello,

I have a function that updates the forum user via API. It works fine except for the admin himself.
During troubleshooting I recognized that the admin also cannot set a new mail or password for himself in flarums 'update user' dialogue, leading to the conclusion that updating yourself is generally not wanted (a user also cannot do that for himself without permission, which might make sense).
However, I read during my research in other threads here, that this was fixed and the admin should be able to update his own user data.

clarkwinkelmann

Scumi yes there has been some talk about this recently, and with your message I just realized why we actually prevented the admin from editing themselves in the interface.

Right now the API is configured so that when you PUT/PATCH to the /users/<id> endpoint, if you are the user it requests a new email change. And if you are not the user but have "edit user" permission, it changes the email without sending a confirmation request.

This is probably something that requires discussing in flarum/core2200

Right now, an admin indeed can't edit their own email directly via the API. A workaround could be to create a new "robot admin" user that's in charge of editing all other users including the main admin, if you need to be able to do that. Then use that robot user as the author of the API actions.