yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated to move the logic for whether the password change can occur, into the controller,

Browse Source
This commit is contained in:
Emma Garland
2021-02-26 12:42:18 +00:00
parent 8f392c252a
commit c36aaabd0e
5 changed files with 27 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/Umbraco.Web.BackOffice/Controllers/UsersController.cs
View File

@@ -708,8 +708,18 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
}
IUser currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser;
changingPasswordModel.CurrentUserHasSectionAccess = currentUser.HasSectionAccess(Constants.Applications.Users);
changingPasswordModel.CurrentUsername = currentUser.Username;
// if it's the current user, the current user cannot reset their own password
if (currentUser.Username == found.Username)
{
return new ValidationErrorResult("Password reset is not allowed");
}
// if the current user has access to reset/manually change the password
if (currentUser.HasSectionAccess(Constants.Applications.Users) == false)
{
return new ValidationErrorResult("The current user is not authorized");
}
Attempt<PasswordChangedModel> passwordChangeResult = await _passwordChanger.ChangePasswordWithIdentityAsync(changingPasswordModel, _userManager);