3.2.0.0 - Users without WriteUsers can't update their own password due to including the `enabled` field.

```http
[13:40:30]: POST https://<ADDRESS>/User => {"password":"********************","oAuthConnections":null,"permissionSet":null,"group":null,"enabled":true,"createdAt":null,"systemIdentifier":null,"name":null,"id":7}
[13:40:30]: HTTP Forbidden: POST https://<ADDRESS>/User
```

Users without `WriteUsers` are unable to alter their own profile due to `enabled` being sent in the request, as it having any value at all without the flag present will immediately drop the request as forbidden.

```cs
if ((!canEditAllUsers
	&& (model.Id != originalUser.Id
	|| model.Enabled.HasValue
	|| model.Group != null
	|| model.PermissionSet != null
	|| model.Name != null))
	|| (!passwordEdit && model.Password != null)
	|| (!oAuthEdit && model.OAuthConnections != null))
	return Forbid();
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

3.2.0.0 - Users without WriteUsers can't update their own password due to including the `enabled` field. #86

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

3.2.0.0 - Users without WriteUsers can't update their own password due to including the enabled field. #86

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions

3.2.0.0 - Users without WriteUsers can't update their own password due to including the `enabled` field. #86