fix bug #3189: fix change_password permission checks, run protected
This commit is contained in:
parent
956e5fec1f
commit
ec00200411
@ -181,6 +181,7 @@ fn create_ticket(
|
|||||||
}
|
}
|
||||||
|
|
||||||
#[api(
|
#[api(
|
||||||
|
protected: true,
|
||||||
input: {
|
input: {
|
||||||
properties: {
|
properties: {
|
||||||
userid: {
|
userid: {
|
||||||
@ -195,7 +196,6 @@ fn create_ticket(
|
|||||||
description: "Anybody is allowed to change there own password. In addition, users with 'Permissions:Modify' privilege may change any password.",
|
description: "Anybody is allowed to change there own password. In addition, users with 'Permissions:Modify' privilege may change any password.",
|
||||||
permission: &Permission::Anybody,
|
permission: &Permission::Anybody,
|
||||||
},
|
},
|
||||||
|
|
||||||
)]
|
)]
|
||||||
/// Change user password
|
/// Change user password
|
||||||
///
|
///
|
||||||
@ -215,7 +215,7 @@ fn change_password(
|
|||||||
|
|
||||||
let mut allowed = userid == current_user;
|
let mut allowed = userid == current_user;
|
||||||
|
|
||||||
if userid == "root@pam" { allowed = true; }
|
if current_user == "root@pam" { allowed = true; }
|
||||||
|
|
||||||
if !allowed {
|
if !allowed {
|
||||||
let user_info = CachedUserInfo::new()?;
|
let user_info = CachedUserInfo::new()?;
|
||||||
|
Loading…
Reference in New Issue
Block a user