Developer forum

Hi guys,

Anybody?

Thank you,
Adrian

Hi Adrian,

I don't think you can do that. We developed a custom webapi to do this.

BR

Nuno

Hi Nuno,

I was somehow expecting this :(

Can I convince you to share your code :) ?

Maybe across some beers in Hamburg?

Thank you,
Adrian

Hi Adrian,

Yes, of course. In fact I noticed that we changed it to using the webapi, so it's just some JS. I can try to look into the old code. 

In our case we were allowing the user (Impersonating another user - aka the Secundary user) to update their password. Is this what you're trying to achieve? Otherwise you'll have to implement some security measures to validate the request cannot be exploited (since it will be public and has the potential to update any user and any field.

Best Regards,

Nuno Aguiar

Hi Nuno,

In my case, a user can/should be able to create subusers that will be used as companies (I cannot use Addresses for this purpose). The newly created user objects won't have credentials for logging in.
The editing process will involve changing quite a few fields. I am not sure if Impersonation would work in our case.

I may need to rethink it.

Thank you anyway,

Adrian

Hi Adrian

You might want to take a look at manage users here:

https://github.com/dynamicweb/Swift/tree/main/Swift/Files/Templates/Designs/Swift/UserManagement/CreateProfile

It will create a user for you using another user (administrator).

We currently have a bug related to customernumber not being saved on the user you create - the problem is security (Doing this custom can also pose a serious security issue)

We are also in the process of creating new users modules supporting viewmodels for DW10. And managing users under another user, is part of the scope. Who can edit which fiels is the difficult part - e.g. being able to change customer number and other things makes it possible to get access to other users data and stuff like that.

If you have the chance to describe the entire flow you are working on, that would be appreciated.

Thanks, Nicolai

Hi Nicolai,

I was wondering if I could mess around with the Extranet App before the module is loaded by supplying a different UserID

Specifically, the module has this option (for view profile):

Whish seems to be a Paragraph settings property.

I would guess it is the same when editing a profile.

If there is a notification I can use, and if the setting can be overwritten, maybe I can use the default functionality instead of creating a new one.

What do you think?

Thank you,
Adrian

You cannot use a notification on the users module - it does not exist.

You might be able to override the current user in session using code like this before the edit profile paragraph loads:

var sessionKey = string.Format("{0}.{1}", "UserManagement.User.Current", PagePermissionLevels.Frontend);
Context.Current.Session[sessionKey] = new user(); //get user you want to edit

You might be able to inject that using the Notifications.Standard.Paragraph.OnBeforeRender notification. You just have to remove the injected user and insert the original user after the edit user paragraph has rendered... 

Just remember that this is a potential security issue.

BR Nicolai

Hi Nicolai,

Thank you very much.

I will consider it if we end up going this path.

Adrian