update_user_backend: Allow authorized org owners to change user emails.

This adds a new special UserProfile flag can_change_user_emails(disabled by default) and the ability for changing the email address of users in the realm via update_user_backend. This is useful for allowing organizations to update user emails without needing to set up a SCIM integration, but since it gives the ability to hijack user accounts, it needs to be behind this additional permission and can't be just given to organization owners by default. Analogical to how the create_user_backend endpoint works.
2025-10-23 04:52:12 +00:00 · 2024-09-03 21:41:18 +02:00
parent 8e9c592ce3
commit 389b851f81
9 changed files with 150 additions and 6 deletions
--- a/version.py
+++ b/version.py
@@ -34,7 +34,7 @@ DESKTOP_WARNING_VERSION = "5.9.3"
 # new level means in api_docs/changelog.md, as well as "**Changes**"
 # entries in the endpoint's documentation in `zulip.yaml`.

-API_FEATURE_LEVEL = 312  # Last bumped for adding 'realm_export_consent' event type.
+API_FEATURE_LEVEL = 313  # Last bumped for adding `new_email` to /users/{user_id}

 # Bump the minor PROVISION_VERSION to indicate that folks should provision
 # only when going from an old version of the code to a newer version. Bump