Feature #19301

Let non admin users update their account via the REST API

Added by Alex Last over 5 years ago. Updated 4 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:REST API
Target version:-
Resolution:Fixed

Description

Using Redmine Java API library:

User user = rmf.getUserManager.getCurrentuser;
user.setFirstName("new name");
rmf.getUserManager.update(user);

Error: BadAuthentication.

I believe this is because Redmine requires authorization for "update user" action, which requires admin privileges.
What it should do instead is to check permissions basing on resources. In this example user should be able to change his/her own details.


Related issues

Duplicates Redmine - Patch #31399: make /my/account endpoint accessible through API Closed

History

#1 Updated by Jean-Philippe Lang over 5 years ago

  • Tracker changed from Defect to Feature
  • Subject changed from Redmine API should authorize basing on resources, not actions to Let non admin users update their account via the REST API

#2 Updated by Go MAEDA 4 months ago

  • Duplicates Patch #31399: make /my/account endpoint accessible through API added

#3 Updated by Go MAEDA 4 months ago

  • Status changed from New to Closed
  • Resolution set to Fixed

An API to allow a user to update their own account has been added in Redmine 4.1.0. See #31399 for details.

Also available in: Atom PDF