Eric Norman created SLING-12202: ----------------------------------- Summary: add AuthorizablePrivilegesInfo#canChangePasswordWithoutOldPassword Key: SLING-12202 URL: https://issues.apache.org/jira/browse/SLING-12202 Project: Sling Issue Type: Improvement Reporter: Eric Norman Assignee: Eric Norman Fix For: JCR Jackrabbit User Manager 2.2.30
The AuthorizablePrivilegesInfo should have a canChangePasswordWithoutOldPassword method that can be called to tell if the current user can change the password of another user without knowing the original password of that user. This currently means the current user must the be the admin user or a member of the configured UserAdmin group. This would be a convenience so that "change password" UI can more easily determine the appropriate fields to render on screen without having to duplicate logic from the ChangeUserPasswordServlet. -- This message was sent by Atlassian Jira (v8.20.10#820010)