fix bug #3189: fix change_password permission checks, run protected
This commit is contained in:
parent
956e5fec1f
commit
ec00200411
@ -181,6 +181,7 @@ fn create_ticket(
|
||||
}
|
||||
|
||||
#[api(
|
||||
protected: true,
|
||||
input: {
|
||||
properties: {
|
||||
userid: {
|
||||
@ -195,7 +196,6 @@ fn create_ticket(
|
||||
description: "Anybody is allowed to change there own password. In addition, users with 'Permissions:Modify' privilege may change any password.",
|
||||
permission: &Permission::Anybody,
|
||||
},
|
||||
|
||||
)]
|
||||
/// Change user password
|
||||
///
|
||||
@ -215,7 +215,7 @@ fn change_password(
|
||||
|
||||
let mut allowed = userid == current_user;
|
||||
|
||||
if userid == "root@pam" { allowed = true; }
|
||||
if current_user == "root@pam" { allowed = true; }
|
||||
|
||||
if !allowed {
|
||||
let user_info = CachedUserInfo::new()?;
|
||||
|
Loading…
Reference in New Issue
Block a user