I wonder if this is only enabled on hosted Canvas. I just built a new version of this dockerized Canvas, verified that the default user is a site admin, added a new email address to that account, and tried to switch it to primary via:
$ http -v -f put http://$(docker-machine ip dev):8003/api/v1/users/1 Authorization:"Bearer canvas-docker" "user[email]"=canvas@example.org
PUT /api/v1/users/1 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: Bearer canvas-docker
Connection: keep-alive
Content-Length: 36
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: 192.168.99.100:8003
User-Agent: HTTPie/0.9.2

user%5Bemail%5D=canvas%40example.org

HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: close
Content-Type: application/json; charset=utf-8
Date: Fri, 28 Aug 2015 20:14:10 GMT
Pragma: no-cache
Server: thin
Set-Cookie: _csrf_token=deC9jjiRf40Q%2Bi7tAm3iP4ORK%2B82bYXHkjjTWWxHlVUEtNHgWuU%2BxSWcbLdKX45ayKRygHsut6b8butyGRSiBQ%3D%3D; path=/
Set-Cookie: _normandy_session=_6HxPDl9THUG7iS2p_78iQ.qMHzy3MxRPTYeqeUTnl5y3lAwMTfeojnzgMfGXIn1jUHUP8xXLFA1ij0_PhRz9m32VmX5bAtQri76dfOTXSYzpvpp7L_hsl3bVm94Yy1tvVE-yJUTh7YjIDVmJyHmEBW.XZyxdNfeOGpYdcHnyusBw8FAuRs.VeDBEg; path=/; HttpOnly
X-Canvas-Meta: at=10000000000001;dk=10000000000001;o=users;n=update;b=617484;m=617484;u=0.04;y=0.00;d=0.00;
X-Canvas-User-Id: 10000000000001
X-Frame-Options: SAMEORIGIN
X-Rack-Cache: invalidate, pass
X-Rate-Limit-Remaining: 600
X-Request-Context-Id: 435bf0a3-729b-441b-8dca-9ff38a3440ee
X-Request-Cost: 0.043873478999999146
X-Runtime: 0.039573
X-Session-Id: f91271ff11fbd36b1510e1cd6ef31445
X-UA-Compatible: IE=Edge

{
    "errors": [
        {
            "message": "user not authorized to perform that action"
        }
    ],
    "status": "unauthorized"
}