[Fix] don't persist set password if don't have privilege
This commit is contained in:
parent
9038042f34
commit
5b6183319c
|
@ -46,9 +46,14 @@ public class PrivilegeSetUserPasswordService extends AbstractService<PrivilegeSe
|
|||
|
||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
privilegeHandler.setUserPassword(getCertificate(), arg.username, arg.password);
|
||||
|
||||
// only persist if not setting own password
|
||||
if (!getCertificate().getUsername().equals(arg.username) && getPrivilegeContext().getPrivilegeNames()
|
||||
.contains(PrivilegeHandler.PRIVILEGE_ACTION_PERSIST)) {
|
||||
|
||||
privilegeHandler.persist(getCertificate());
|
||||
}
|
||||
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_PASSWORD)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
|
Loading…
Reference in New Issue