James Adam wrote: > Please do work on it - patches are greatly appreciated. > > - james > > On 3/29/06, Jim Morris <[EMAIL PROTECTED]> wrote: >> If no one else is working on it I'll post a patch when I'm done. >> >> -- >> Posted via http://www.ruby-forum.com/. >> _______________________________________________ >> engine-developers mailing list >> [email protected] >> http://lists.rails-engines.org/listinfo.cgi/engine-developers-rails-engines.org >> > > > -- > * J * > ~
Ok I attached two patches to ticket #70. I have tested it with User Engine, but I cannot run a full regression test as I can't get any of the tests to run and pass (even without any patches!) Basically it adds a password field in the _password.rhtml partial if the request came from a user changing their own password, and adds the logic to the controller to check that the existing password is correct if one existed in the first place. This also works well with userengine, and allows the admin to change another persons password without the need to type in the existing password. I also added some error testing in the controllers which were ignoring return errors. However this opens up another security question as to whether the admin should be prompted for their password before allowing any changes like this. I think it could be made an optional configuration, I'll look into that next. -- Posted via http://www.ruby-forum.com/. _______________________________________________ engine-developers mailing list [email protected] http://lists.rails-engines.org/listinfo.cgi/engine-developers-rails-engines.org
