Lockdown User profile phone field for analysts

cisagov / manage.get.gov

A Django-based domain name registrar used by the .gov domain to communicate with an EPP registry

https://get.gov

Other

55 stars 17 forks source link

Lockdown User profile phone field for analysts #2439

Closed gabydisarli closed 1 week ago

gabydisarli commented 2 weeks ago

Issue description

The ability to edit a User's profile should be allowed by Super admins only. If an analyst were to delete a user's phone number, our system would put them into a flow to update their profile which might be jarring if they weren't expecting it. We should lock down this field for analysts and make it read-only, like the other fields in the User profile section on /admin

Acceptance Criteria

[ ] make phone field read-only for analysts

Links to other issues

vickyszuchin commented 2 weeks ago

Per Gaby: ticket can be a follow on to user profile MVP. It's not critical, just a good thing to do as a fast follow to prevent any accidental actions.