I have a Discourse site running as SSO client for WordPress. I have a custom user profile on WP. I want to lock down the duplicate settings on the Discourse side as far as possible. My php developer has implemented API calls to update the name field and avatar in Discourse. There are also some custom fields that get updated. Also a number of groups. To get the avatar field to update in our sandbox I had to change the Discourse setting to allow users to update their avatar. On the production site I had to allow both editing of the name field and the avatar to get each to work. The custom fields, while non-editable by non-admins update as they should on both the sandbox and production site. Groups update fine. Site settings are the same on both installs but there are multiple Discourse settings that I think might be influencing this behavior and I may have had things temporarily checked on one site and not the other.
So my questions are:
- Should I have to make name and avatar user-editable to get successful updates through the API?
- If so, why the difference in behavior between the sandbox and the production site?
- If not is this behavior a Discourse bug?