If a user is logged in and the system.user.editUser
function is called when they don’t have user management permissions, but the target user is their own user, are they able to run the function? Or is it only possible for user administrators to edit any user?
Have you tried it? I don’t think that function checks any permissions at all.
edit: hmm, docs suggest otherwise, at least when run from client scope. Looks like they need to have the user management permission.
1 Like
Actually I tried it and it seemed to work.
This is the code that I used to test, logged into Perspective as the user and clicking a button ran this code:
idp = self.session.props.auth.idp
username = self.session.props.auth.user.userName
user = system.user.getUser(idp, username)
user.addContactInfo({"sms": "5551212"})
system.user.editUser(idp, user)
Worked just fine for me.
Perspective scripting is a bit different than a Vision client; it runs on the gateway.
1 Like
Oh gotcha, sorry, I should’ve clarified that I’m using Perspective. But hey, glad it works!
So yeah, in that case… no permission checks at all.
1 Like
How would you edit ‘firstname’ ?
The user from system.user.getUser doesn’t have any set properties…
1 Like