Check out the userdao I think. That does the update command to the user. You simply can rewrite the code there .
I modified the code myself so that email updates can be written. I guess I linked this to the SSO setting - so that when sso I refuse to read the pwd info...
Fairly simple to make the change.
And yes, you are right about that it would not check for the password info when being admin. The reason is fairly simple: Admins may change ALL email addresses and ALL passwords. So it's useless to compare to the user specific password as the admin may not know the old one ;)
But that's still int he template. You have to look in the
java file to make the magic happening.
Maybe Rapheal can add some config parameter that you can define wether or not the password should be necessary for updating the email field.
[originally posted on jforum.net by Sid]