id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
32052	"Change password link in UserAdmin is still available for the staff user's with 'change_user"" permission and lack of  'change_password' one"	Artem Alemasov	nobody	"Despite the password row disappeared from the change_view in admin for user when the 'change_password' permission is removed. The user is still able manually navigate to change password form via //<site>/admin/users/<user_id/password and change password of other user.

To prevent it I have to use this code in MyUserAdmin


{{{

def user_change_password(self, request, id, form_url=""""):
        can_change_user_password_permission = request.user.has_perm(""users.change_password"")
        if can_change_user_password_permission:
            return super().user_change_password(request, id, form_url)

        raise PermissionDenied
}}}
"	Bug	closed	contrib.admin	3.1	Normal	invalid	permissions, admin		Unreviewed	0	0	0	0	0	0