Bug #98080
open
Remove useless options.passwordReset
0%
Description
The user tsconfig options.passwordReset can be used to define which users are allowed to reset passwords of other backend users in the backend.
However the module "backend users" is restricted to admins anyway which means that me as an admin can set the tsconfig of my own user to whatever I like which makes this restriction useless.
See also #98021 for how this setting confuses because of same naming as the global setting in typo3_conf_vars
Updated by Georg Ringer over 1 year ago
- Related to Bug #98021: Disabling password reset wirh options.passwordReset for only user with email still shows password reset link added
Updated by Riccardo De Contardi 13 days ago
The option is still documented and active on version 13 (https://docs.typo3.org/m/typo3/reference-tsconfig/main/en-us/UserTsconfig/Options.html#passwordreset)
I either don't grasp what could be the use case for ad admin user to be be prevented sending reset password mails for other users :/ not to mention that an admin user can edit whichever be_user record, including his/her password
The only reason to keep it could be to make the "Backend User" module accessible in the future for regular non-admin users
Maybe there is something I am missing?