Check old password for normal user in SetPassword()

2025-05-22 18:25:47 +08:00 · 2023-09-15 10:21:02 +08:00 · 2023-09-15 10:21:02 +08:00 · 1276da4daa
commit 1276da4daa
parent 616629ef99
1 changed files with 10 additions and 1 deletions
--- a/controllers/user.go
+++ b/controllers/user.go
@ -457,6 +457,8 @@ func (c *ApiController) SetPassword() {
 		return
 	}

+	isAdmin := c.IsAdmin()
+	if isAdmin {
 		if oldPassword != "" {
 			msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
 			if msg != "" {
@ -464,6 +466,13 @@ func (c *ApiController) SetPassword() {
 				return
 			}
 		}
+	} else {
+		msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
+		if msg != "" {
+			c.ResponseError(msg)
+			return
+		}
+	}

 	msg := object.CheckPasswordComplexity(targetUser, newPassword)
 	if msg != "" {