Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Feature request: Optionally restrict user profile editing

    Discuss
    usermanagement
    3
    4
    96
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimcavoli
      jimcavoli App Dev last edited by girish

      Especially when operating in business environments, I tend to want to force users' primary email address to be their "official" email address and only have it be editable by administrators, as well as ensuring that they keep their actual name set as their name. Currently, there's no way to restrict users to only be able to change their password recovery email address and not the other fields - it would be very useful for these types of deployments if there were settings available to turn off the ability of users to self-edit certain field(s) of their profile.

      1 Reply Last reply Reply Quote 1
      • nebulon
        nebulon Staff last edited by

        That sounds like an important use-case indeed and goes into a whole field of more fine-grained control over what users can and cannot do. So far we have tried to not overcomplicate the access control settings, but we are open to small useful adjustments. Given that Cloudron has a special permissions group, the admins and then simply the rest of the other users, would it be sufficient for your use-case to have an admin setting to prevent non-admins from changing their own profile? And if so, what fields should be protected?

        From your list, restricted fields should be:

        • display name
        • primary email

        Non-restricted ones are like:

        • password
        • recovery email

        Is this what you had in mind or are we missing some? (For example forcing users to use 2fa)

        jimcavoli 1 Reply Last reply Reply Quote 0
        • jimcavoli
          jimcavoli App Dev @nebulon last edited by

          @nebulon That's exactly what I had in mind; just keeping non-admins out of the fields you listed. Anything more advanced, like forcing 2FA or allowing app installation or email administration on certain domain(s) would all be cool, but I get that it becomes a more advanced permission system build-out, so I wouldn't consider it in-scope for this ask - the simpler case covers 90% of my headaches.

          1 Reply Last reply Reply Quote 0
          • W
            williamgomes Banned last edited by girish

            @nebulon said in Feature request: Optionally restrict user profile editing:

            That sounds like an important use-case indeed and goes into a whole field of more fine-grained control over what users can and cannot do. So far we have tried to not overcomplicate the access control settings, but we are open to small useful adjustments. Given that Cloudron has a special permissions group, the admins and then simply the rest of the other users, would it be sufficient for your use-case to have an admin setting to prevent non-admins from changing their own profile? And if so, what fields should be protected?

            agreed!!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post