Closed ErwinKomen closed 1 month ago
This is in ProfileEdit
, where we added the Change Password option.
Obviously, this should be restricted to the user him/herself.
Added:
# For all people: if this is the correct user, allow him/her to change password
if not self.request.user is None and instance.user.id == self.request.user.id:
# This is the user who may change his/her password
oItem = dict(type='safe', label="", value=instance.get_changepw())
context['mainitems'].append(oItem)
Double checking: moderators can still edit the profile of any other user. That is by design. A moderator should be able to do this.
One more: topnav.html
under User > User profile had a link to user.id
But that should be to the profile:
{% url 'profile_details' user.user_profiles.first.id %}
Changed
Right now it is possible for any signed-in user to change the password of anyone else.