From 2823c0b342ff1c7046ae13cf4faeadca8d4dce54 Mon Sep 17 00:00:00 2001
From: Vikas Potluri <vikaspotluri123.github@gmail.com>
Date: Mon, 15 Jul 2019 01:19:31 -0500
Subject: [PATCH] :bug: Allowed administrators to change other users' passwords
 (#10891)

closes #10427

- Administrators don't know other users' passwords, but they should be able to change other users' password
- Don't require oldPassword to be provided
---
 core/server/api/v2/users.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/server/api/v2/users.js b/core/server/api/v2/users.js
index bbfbb3914d..c529e06670 100644
--- a/core/server/api/v2/users.js
+++ b/core/server/api/v2/users.js
@@ -146,7 +146,7 @@ module.exports = {
             data: {
                 newPassword: {required: true},
                 ne2Password: {required: true},
-                oldPassword: {required: true},
+                oldPassword: {required: false},
                 user_id: {required: true}
             }
         },