Now admins can modify other users passwords

2024-09-19 19:01:03 +00:00 · 2017-07-27 10:23:24 +02:00 · 2017-07-27 10:23:24 +02:00 · fcf1a83234
commit fcf1a83234
parent fe5e966dbc
2 changed files with 11 additions and 6 deletions
--- a/supysonic/frontend/user.py
+++ b/supysonic/frontend/user.py
@ -130,11 +130,14 @@ def change_password(uid):
 			return redirect(url_for('index'))
 		user = UserManager.get(store, uid)[1].name
 	if request.method == 'POST':
-		current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
 		error = False
+		if uid == 'me' or uid == session.get('userid'):
+			current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
 			if current in ('', None):
 				flash('The current password is required')
 				error = True
+		else:
+			new, confirm = map(request.form.get, [ 'new', 'confirm' ])
 		if new in ('', None):
 			flash('The new password is required')
 			error = True
@ -143,10 +146,10 @@ def change_password(uid):
 			error = True

 		if not error:
-			if uid == 'me':
+			if uid == 'me' or uid == session.get('userid'):
 				status = UserManager.change_password(store, session.get('userid'), current, new)
 			else:
-				status = UserManager.change_password(store, uuid.UUID(uid), current, new)
+				status = UserManager.change_password2(store, UserManager.get(store, uid)[1].name, new)
 			if status != UserManager.SUCCESS:
 				flash(UserManager.error_str(status))
 			else:
--- a/supysonic/templates/change_pass.html
+++ b/supysonic/templates/change_pass.html
@ -38,6 +38,7 @@
  <h2>{{ user }}</h2>
 </div>
 <form method="post">
+  {% if session.username == user %}
  <div class="form-group">
    <label class="sr-only" for="current">Current password</label>
    <div class="input-group">
@ -45,6 +46,7 @@
      <input type="password" class="form-control" id="current" name="current" placeholder="Current password" />
    </div>
  </div>
+  {% endif %}
  <div class="form-group">
    <label class="sr-only" for="new">New password</label>
    <div class="input-group">