Commit
Add permission check for admins updating user passwords
For security purposes, administrators should not be able to set a user's password. Only the account's owner should be able to directly set their password. Administrators should only have the ability to send a password reset email to the account owner. Otherwise, someone working in customer service or another role could take over a user's account in order to make illegal purchases with their stored credit card information. In order to maintain backwards compatibility, and leave more power in control of the store owner, this will leave the current admin role behavior the same, but anyone creating custom roles will no longer be able to update passwords unless they explicitly add a change password permission.
Showing 5 changed files with 64 additions and 25 deletions.
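The policy in the commit message, sketched as an added example (this is not the commit's own code, whose diff is not shown on this page). The role name `admin`, the permission name `change_user_password`, the `Actor` type and the password field names are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

ADMIN_ROLE = "admin"                      # assumed name of the built-in admin role
CHANGE_PASSWORD = "change_user_password"  # hypothetical explicit permission
PASSWORD_FIELDS = {"password", "password_confirmation"}  # assumed field names


@dataclass
class Actor:
    user_id: int
    roles: set = field(default_factory=set)
    permissions: set = field(default_factory=set)


def can_set_password(actor, target_user_id):
    """True if the actor may directly set the target account's password."""
    if actor.user_id == target_user_id:
        return True                       # the account owner always may
    if ADMIN_ROLE in actor.roles:
        return True                       # built-in admin role: behavior unchanged
    # Custom roles must carry the explicit permission.
    return CHANGE_PASSWORD in actor.permissions


def filter_user_update(actor, target_user_id, params):
    """Return (allowed_params, dropped_fields) for a user update request.

    Password fields are removed when the actor may not set the password.
    The caller can log dropped_fields and offer a password reset email.
    """
    if can_set_password(actor, target_user_id):
        return dict(params), []
    allowed = {k: v for k, v in params.items() if k not in PASSWORD_FIELDS}
    dropped = sorted(k for k in params if k in PASSWORD_FIELDS)
    return allowed, dropped


if __name__ == "__main__":
    # Constructed sample: a customer-service actor with a custom role.
    support = Actor(user_id=7, roles={"support"}, permissions={"update_users"})
    request = {"email": "owner@example.test", "password": "constructed-value"}
    allowed, dropped = filter_user_update(support, 42, request)
    print("applied:", allowed)
    print("dropped (send reset email instead):", dropped)
```

Filtering happens on the server side of the update, so a custom-role actor who submits a password field has it dropped regardless of what the admin form displays.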