
Ticket #482 (assigned enhancement)

Opened 19 months ago

Last modified 13 months ago

Non-Admin users cannot change their password

Reported by: jake
Owned by: rickybanister
Priority: major
Milestone: 1.6
Component: apostrophePlugin
Version: trunk
Keywords:
Cc: tboutell, johnnyoffline, dordille
Symfony version: 1.4

Description (last modified by jake)

Non-Admin users don't have access to the aUserAdmin Module, and therefore have no interface for editing their password. I think, instead of removing the Users button from the non-admin global tools, we should replace it with a user settings button that takes them directly to their user page, where they can edit their username/password.

When the user clicks on the user settings button they are directed to this form:

We would probably want to add a "current password" field to this, as well.

Attachments

users.png (5.5 KB) - added by anonymous 19 months ago.

Change History

Changed 19 months ago by anonymous

Changed 19 months ago by jake

  • description modified

Changed 19 months ago by tboutell

This has to be done carefully so they can't edit inappropriate fields, grant themselves privileges, change the id in the URL to somebody else, etc. One existing solution is to add sfDoctrineApplyPlugin to a project. The new branch is pretty easy. That does require introducing email addresses for everyone. You could disable the actual "apply" action if you just want the password-changing feature (with email confirmation, which is always good for password changes).

The new trunk of sfDoctrineGuardPlugin has the password-change feature too; however, it is not stable yet. Using sfDoctrineApplyPlugin's new 1.2 branch sets you up to be compatible with that when it's ready, though.

PLEASE NOTE: if you do use the apply plugin make sure you read the README checked out from the branch. The README currently on the Symfony site is older and does not reflect some pretty big differences.

What project is motivating this? Give me a TODO there so I know what might make sense in that context, or email me if it's something less official than a punk client thing.
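Added example, not part of the ticket thread and not Apostrophe, sfDoctrineGuardPlugin or sfDoctrineApplyPlugin code: a framework-independent PHP sketch of the checks a self-service account form needs for the concerns raised in the comment above (editable-field allowlist, no privilege fields, target user taken from the session rather than the URL) plus the "current password" field from the description. The function name, field names and the in-memory `$users` array are assumptions made for illustration.

```php
<?php
// Added illustration. The $users array stands in for the user table;
// every name and value below is constructed for the example.
const EDITABLE_FIELDS = ['username', 'password']; // allowlist: nothing else is writable

function updateOwnAccount(array &$users, int $sessionUserId, array $post): array
{
    // The row to edit comes from the login session, never from an id in the URL or body.
    if (!isset($users[$sessionUserId])) {
        return ['ok' => false, 'error' => 'not logged in'];
    }
    $user = &$users[$sessionUserId];

    // Re-authenticate with the "current password" field before changing anything.
    $current = $post['current_password'] ?? '';
    if (!is_string($current) || !password_verify($current, $user['password_hash'])) {
        return ['ok' => false, 'error' => 'current password incorrect'];
    }

    // Keep only allowlisted string fields; id, is_super_admin, etc. are dropped.
    $allowed = array_flip(EDITABLE_FIELDS);
    $changes = array_filter(array_intersect_key($post, $allowed), 'is_string');
    if (($changes['username'] ?? '') !== '') {
        $user['username'] = $changes['username'];
    }
    if (($changes['password'] ?? '') !== '') {
        $user['password_hash'] = password_hash($changes['password'], PASSWORD_DEFAULT);
    }
    $ignored = array_keys(array_diff_key($post, $allowed, ['current_password' => 1]));
    return ['ok' => true, 'ignored' => $ignored];
}

// Constructed demo data: user 1 is an admin, user 2 is a regular editor.
$users = [
    1 => ['username' => 'admin', 'password_hash' => password_hash('admin-pw', PASSWORD_DEFAULT), 'is_super_admin' => true],
    2 => ['username' => 'editor', 'password_hash' => password_hash('old-pw', PASSWORD_DEFAULT), 'is_super_admin' => false],
];
// User 2 submits a tampered form carrying someone else's id and a privilege flag.
$result = updateOwnAccount($users, 2, [
    'id' => '1', 'is_super_admin' => '1',
    'current_password' => 'old-pw', 'password' => 'new-pw',
]);
echo json_encode($result), "\n";
echo json_encode(['editor_is_admin' => $users[2]['is_super_admin']]), "\n";
echo json_encode(['admin_password_unchanged' => password_verify('admin-pw', $users[1]['password_hash'])]), "\n";
```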

Changed 13 months ago by geoffd

  • owner changed from agilbert to rickybanister
  • status changed from new to assigned
  • version set to trunk
  • milestone changed from 1.4 to 1.6

Rick, work on the design for how this would work.
