Bugfix: Allowing organization admins to edit password

098817c9 · Tor-Einar Skog · a724ad4c · 098817c9
Commit 098817c9 authored 7 years ago by Tor-Einar Skog
--- a/src/main/java/no/nibio/vips/logic/controller/servlet/UserController.java
+++ b/src/main/java/no/nibio/vips/logic/controller/servlet/UserController.java
@@ -315,8 +315,11 @@ public class UserController extends HttpServlet {
                        String messageKey = "";
                        if(userId > 0)
                        {
-                            // Superuser can change username and password
+                            // Superuser can change username and password for everyone
-                            if(user.isSuperUser())
+                            // Organization admin can change username and password for members of on organization
+                            if(user.isSuperUser() ||
+                                    (user.isOrganizationAdmin() && viewUser.getOrganization_id().equals(user.getOrganization_id()))
+                            )
                            {
                                UserAuthentication auth = viewUser.getPasswordAuthentication();
                                auth.setUsername(username);