fix bug #3189: fix change_password permission checks, run protected

Dietmar Maurer 2020-12-05 16:20:29 +01:00
parent 956e5fec1f
commit ec00200411


@ -181,6 +181,7 @@ fn create_ticket(
} }
#[api( #[api(
protected: true,
input: { input: {
properties: { properties: {
userid: { userid: {
@ -195,7 +196,6 @@ fn create_ticket(
description: "Anybody is allowed to change there own password. In addition, users with 'Permissions:Modify' privilege may change any password.", description: "Anybody is allowed to change there own password. In addition, users with 'Permissions:Modify' privilege may change any password.",
permission: &Permission::Anybody, permission: &Permission::Anybody,
}, },
)] )]
/// Change user password /// Change user password
/// ///
@ -215,7 +215,7 @@ fn change_password(
let mut allowed = userid == current_user; let mut allowed = userid == current_user;
if userid == "root@pam" { allowed = true; } if current_user == "root@pam" { allowed = true; }
if !allowed { if !allowed {
let user_info = CachedUserInfo::new()?; let user_info = CachedUserInfo::new()?;
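Review bot: Authorization for change_password rests entirely on the hand-written `allowed` check in the last hunk, because the schema keeps `permission: &Permission::Anybody` while the first hunk adds `protected: true`, which presumably moves the handler into the privileged context. The bug fixed here was a one-identifier mix-up (`userid` vs `current_user`), so a comment above the check would make the intent auditable, for example `// only root@pam or a holder of Permissions:Modify may change another user's password`. A unit test in which a non-root caller without that privilege targets `root@pam` and is rejected would pin the fix against regression. The `"root@pam"` literal would be safer as a named constant, if the crate already defines one, so the superuser identity is not spelled out at each call site. The body of change_password continues outside the hunk, so the privilege lookup that follows `CachedUserInfo::new()?` is not visible here.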