Fix for ALFCOM-3086 - admin enforced to enter an old password when changing their own password.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15017 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Kevin Roast
2009-06-29 19:28:36 +00:00
parent 67e14e9e63
commit 422ec06961


@@ -94,7 +94,7 @@ public class ChangePasswordPost extends DeclarativeWebScript
// admin users can change/set a password without knowing the old one
boolean isAdmin = authorityService.hasAdminAuthority();
if (!isAdmin)
if (!isAdmin || (userName.equalsIgnoreCase(authenticationService.getCurrentUserName())))
{
if (!json.has(PARAM_OLDPW) || json.getString(PARAM_OLDPW).length() == 0)
{
@@ -111,7 +111,8 @@ public class ChangePasswordPost extends DeclarativeWebScript
newPassword = json.getString(PARAM_NEWPW);
// update the password
if (!isAdmin)
// an Admin user can update without knowing the original pass - but must know their own!
if (!isAdmin || (userName.equalsIgnoreCase(authenticationService.getCurrentUserName())))
{
authenticationService.updateAuthentication(userName, oldPassword.toCharArray(), newPassword.toCharArray());
}
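Review bot: The rule for when the old password is required is now spelled out twice, once at the validation check in the `@@ -94` hunk and again at the update in the `@@ -111` hunk, and the update calls `oldPassword.toCharArray()` on the assumption that the earlier check ran with the same outcome. Computing it once, e.g. `final boolean requireOldPassword = !isAdmin || userName.equalsIgnoreCase(authenticationService.getCurrentUserName());`, and testing `if (requireOldPassword)` in both places keeps the two from drifting in a later edit, which on this path would presumably mean either a null `oldPassword` or a password set without verification. The retained comment `// admin users can change/set a password without knowing the old one` no longer covers the self-change case and could read `// admins may set another user's password without the old one, but must supply their own`. The enclosing method starts and ends outside these hunks, so how `userName` and `oldPassword` are populated, and whether either can be null here, is not visible.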