Updated to move the logic for whether the password change can occur, into the controller,

Emma Garland
2021-02-26 12:42:18 +00:00
parent 8f392c252a
commit c36aaabd0e
5 changed files with 27 additions and 51 deletions


@@ -223,13 +223,12 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
public async Task<ActionResult<ModelWithNotifications<string>>> PostChangePassword(ChangingPasswordModel changingPasswordModel)
{
IUser currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser;
changingPasswordModel.CurrentUserHasSectionAccess = currentUser.HasSectionAccess(Constants.Applications.Users);
// the current user has access to change their password
changingPasswordModel.CurrentUserHasSectionAccess = true;
changingPasswordModel.CurrentUsername = currentUser.Username;
changingPasswordModel.SavingUsername = currentUser.Username;
changingPasswordModel.SavingUserId = currentUser.Id;
// if the current user has access to reset/manually change the password
if (currentUser.HasSectionAccess(Constants.Applications.Users) == false)
{
return new ValidationErrorResult("The current user is not authorized");
}
Attempt<PasswordChangedModel> passwordChangeResult = await _passwordChanger.ChangePasswordWithIdentityAsync(changingPasswordModel, _backOfficeUserManager);