From 63a74ee7ac27d30d2cf5bdd0f8812189e4f698d2 Mon Sep 17 00:00:00 2001
From: konrad <k@knt.li>
Date: Fri, 26 Jan 2018 15:09:33 +0100
Subject: [PATCH] Fixed a bug where a user couldn't update its own password

---
 routes/api/v1/user_update_password.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/routes/api/v1/user_update_password.go b/routes/api/v1/user_update_password.go
index 685b58e..0c2e554 100644
--- a/routes/api/v1/user_update_password.go
+++ b/routes/api/v1/user_update_password.go
@@ -30,8 +30,10 @@ func UserChangePassword(c echo.Context) error {
 
 	// Check if the user is admin or itself
 	userJWTinfo, err := models.GetCurrentUser(c)
-	if !models.IsAdmin(c) || userJWTinfo.ID == userID {
-		return echo.ErrUnauthorized
+	if !models.IsAdmin(c) {
+		if userJWTinfo.ID != userID {
+			return echo.ErrUnauthorized
+		}
 	}
 
 	// Check for Request Content