You cannot edit a user if you are authenticated with a Site Administrator. #6183

Open
wesleybl opened this issue Jul 22, 2024 · 10 comments

@wesleybl
Member

Describe the bug
If you are authenticated as a Site Administrator and try to edit any user, this error occurs:

{
  "message": "You can only change your OWN login name.",
  "type": "Unauthorized"
}

To Reproduce
Steps to reproduce the behavior:

  1. Authenticate with a Site Administrator role user.
  2. Go to the user listing page: http://localhost:3000/controlpanel/users
  3. Click on the three dots of any other user
  4. Click on Edit.
  5. Click Save
  6. See the error in the console. The screen remains unchanged.

Expected behavior
The user must be saved.

Software (please complete the following information):

  • OS: [e.g. iOS]
  • Browser: Chrome
  • Volto Version: 18.0.0-alpha.41
  • Plone Version: 6.0.11
  • Plone REST API Version: 9.7.0

Additional context
Maybe a solution is to remove the username from the edit form.

@stevepiercy
Collaborator

Is this behavior consistent with or different from Plone Classic UI?

Can you change your own username?

@wesleybl
Member Author

> Is this behavior consistent with or different from Plone Classic UI?

In classic Plone it is not possible to change the login name. See:

[screenshot: download (4)]

> Can you change your own username?

To change your own username, you would need to have the manage user permission. In other words, you would have to be a Manager or Site Administrator. But I find that strange. Perhaps the best thing would be to prohibit the change, as occurs in classic Plone.

@stevepiercy
Collaborator

Volto should align with Classic UI in functionality in control panels. The fewer functional differences between the two, the better. I'd say prohibit changing the username.

FWIW, I did not see how to change my own username or another user's username when logged in as a Site Administrator.

@wesleybl
Member Author

> FWIW, I did not see how to change my own username or another user's username when logged in as a Site Administrator.

See the To Reproduce item in the issue description.

@stevepiercy
Collaborator

> > FWIW, I did not see how to change my own username or another user's username when logged in as a Site Administrator.
>
> See the To Reproduce item in the issue description.

I still don't see it on https://demo.plone.org/controlpanel/users.

I set up two users as Site Admins:

  • test/testtest
  • testtest2/testtest2

I can change their Full Name, but there is no username in the edit form.

@wesleybl
Member Author

@stevepiercy https://demo.plone.org uses Volto 17. This functionality is new in Volto 18.

@wesleybl
Member Author

Or rather, I think this functionality already existed in Volto 17. I'm going to do a test on Volto 18, to see if this is really possible.

@wesleybl
Member Author

@stevepiercy the username really does not appear in the form. But the request made to the backend sends the username anyway.

@stevepiercy
Collaborator

@wesleybl I'm still not clear what is the problem and what is the desired behavior. Given username is not in the edit form, in Volto 17 or 18, then I don't understand what the problem is.

@wesleybl
Member Author

@stevepiercy Even though the username is not visually present in the form, when we try to save it, the username is sent in the request made to the backend, causing the error.

If you follow the steps in "To reproduce", you will see the error. We were unable to save the form. Remember that we must be authenticated as a Site Administrator. A Manager can save the form.
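
The following added example (not code from Volto or plone.restapi, and not posted by anyone in this thread) builds the save request from only the fields that changed and never includes `username`, which is the field the thread identifies as triggering the error. The field names, the sample user and the `fakeBackendPatch` stand-in are assumptions modeled on the behaviour reported above.

```javascript
// Fields the edit form must never send back (assumption: only `username`,
// the field named in this thread).
const IMMUTABLE_FIELDS = new Set(['username']);

// Return only the fields the editor actually changed, minus immutable ones.
function buildUserPatch(original, edited) {
  const patch = {};
  for (const [key, value] of Object.entries(edited)) {
    if (IMMUTABLE_FIELDS.has(key)) continue;
    // JSON comparison so unchanged arrays (e.g. roles) are not resent.
    if (JSON.stringify(original[key]) === JSON.stringify(value)) continue;
    patch[key] = value;
  }
  return patch;
}

// Constructed stand-in for the behaviour reported in the thread, NOT the real
// backend logic: a body carrying `username` is refused unless the caller is
// a Manager.
function fakeBackendPatch(callerRoles, body) {
  if ('username' in body && !callerRoles.includes('Manager')) {
    return {
      ok: false,
      body: { message: 'You can only change your OWN login name.', type: 'Unauthorized' },
    };
  }
  return { ok: true, body: null };
}

// Constructed sample data: the user as loaded, and the form state after
// the editor changed only the full name.
const ORIGINAL = { username: 'testtest2', fullname: 'Test Two', roles: ['Member'] };
const EDITED = { ...ORIGINAL, fullname: 'Test User Two' };

function demo() {
  const caller = ['Site Administrator'];
  const patch = buildUserPatch(ORIGINAL, EDITED);
  return {
    patch,
    fullForm: fakeBackendPatch(caller, EDITED), // whole form state, as reported
    patched: fakeBackendPatch(caller, patch),   // changed fields only
  };
}

console.log(JSON.stringify(demo(), null, 2));
```
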
