From 1276da4daa606d3a587df147bce98fc7d36fa4da Mon Sep 17 00:00:00 2001
From: Yang Luo <hsluoyz@qq.com>
Date: Fri, 15 Sep 2023 10:21:02 +0800
Subject: [PATCH] Check old password for normal user in SetPassword()

---
 controllers/user.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/controllers/user.go b/controllers/user.go
index 7d8754bb..c6bc13b0 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -457,7 +457,16 @@ func (c *ApiController) SetPassword() {
 		return
 	}
 
-	if oldPassword != "" {
+	isAdmin := c.IsAdmin()
+	if isAdmin {
+		if oldPassword != "" {
+			msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
+			if msg != "" {
+				c.ResponseError(msg)
+				return
+			}
+		}
+	} else {
 		msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
 		if msg != "" {
 			c.ResponseError(msg)