Need to have a permission which administers the users without set password privilege for a user.

[Kola]

Hello,

I am a newbie to Processwire. I have created a user named "user-admin" who is responsible to create new users(name,email,role). I am using EmailNewUser and ForcePasswordChange modules to auto generate password and mail it to newly registered users. I dont want to allow anyone to change/set password manually for all these users. 

i.e I dont want "Set Password" option accessible to anyone except that user himself. Not even user-admin or super-user should be able to change/set password of other users manually. Is this possible? and what happens in case a user forgets his password?

[Kiwi Chris]

There is an optional module in the core ProcessForgotPassword that you can install to enable people to reset their passwords if they forget.

With regard to preventing even super-user role from changing any password other than their own, I think it could be done, but would require a hook in site/ready.php

I'd imagine adding a hook before InputfieldPassword::processInput should be able to check the current user, and if they're not the same user as the password belongs to, then abandon any changes.

I may not have the right hook method. A hook before Pages::save might be another option, as everything including users are 'pages' in Processwire, so the logic would be something like

if($user->name != $page->name && $page->template == 'user'){

//Prevent page saving.

}

Someone else can probably help give a working example, or if I get time I can have a try and update my post once I've got something working.