(ui) allow admins to change user password without asking for the current

app/controllers/api/members_controller.rb

@@ -234,6 +234,12 @@ class API::MembersController < API::ApiController
     render json: @member
   end
 
+  def current
+    @member = current_user
+    authorize @member
+    render json: @member
+  end
+
   private
 
   def set_member

app/frontend/src/javascript/api/member.ts

@@ -34,4 +34,9 @@ export default class MemberAPI {
     });
     return res?.data;
   }
+
+  static async current (): Promise<User> {
+    const res: AxiosResponse<User> = await apiClient.get('/api/members/current');
+    return res?.data;
+  }
 }

app/frontend/src/javascript/components/user/change-password.tsx

@@ -1,4 +1,4 @@
-import React from 'react';
+import React, { useEffect } from 'react';
 import { FabButton } from '../base/fab-button';
 import { FabModal } from '../base/fab-modal';
 import { FormInput } from '../form/form-input';
@@ -8,6 +8,7 @@ import Authentication from '../../api/authentication';
 import { FieldValues } from 'react-hook-form/dist/types/fields';
 import { PasswordInput } from './password-input';
 import { FormState } from 'react-hook-form/dist/types/form';
+import MemberAPI from '../../api/member';
 
 interface ChangePasswordProp<TFieldValues> {
   register: UseFormRegister<TFieldValues>,
@@ -25,9 +26,16 @@ export const ChangePassword = <TFieldValues extends FieldValues>({ register, onE
 
   const [isModalOpen, setIsModalOpen] = React.useState<boolean>(false);
   const [isConfirmedPassword, setIsConfirmedPassword] = React.useState<boolean>(false);
+  const [isPrivileged, setIsPrivileged] = React.useState<boolean>(false);
 
   const { handleSubmit, register: passwordRegister } = useForm<{ password: string }>();
 
+  useEffect(() => {
+    MemberAPI.current().then(user => {
+      setIsPrivileged(user.role === 'admin' || user.role === 'manager');
+    }).catch(error => onError(error));
+  }, []);
+
   /**
    * Opens/closes the dialog asking to confirm the current password before changing it.
    */
@@ -35,6 +43,17 @@ export const ChangePassword = <TFieldValues extends FieldValues>({ register, onE
     setIsModalOpen(!isModalOpen);
   };
 
+  /**
+   * Callback triggered when the user clicks on the "change my password" button
+   */
+  const handleChangePasswordRequested = () => {
+    if (isPrivileged) {
+      setIsConfirmedPassword(true);
+    } else {
+      toggleConfirmationModal();
+    }
+  };
+
   /**
    * Callback triggered when the user confirms his current password.
    */
@@ -59,7 +78,7 @@ export const ChangePassword = <TFieldValues extends FieldValues>({ register, onE
 
   return (
     <div className="change-password">
-      {!isConfirmedPassword && <FabButton onClick={() => toggleConfirmationModal()}>
+      {!isConfirmedPassword && <FabButton onClick={() => handleChangePasswordRequested()}>
         {t('app.shared.change_password.change_my_password')}
       </FabButton>}
       {isConfirmedPassword && <div className="password-fields">

app/policies/user_policy.rb

@@ -19,6 +19,10 @@ class UserPolicy < ApplicationPolicy
     user.admin? || user.manager? || (record.is_allow_contact && record.member?) || (user.id == record.id)
   end
 
+  def current?
+    user.admin? || user.manager? || (user.id == record.id)
+  end
+
   def update?
     user.admin? || user.manager? || (user.id == record.id)
   end

config/routes.rb

@@ -55,6 +55,7 @@ Rails.application.routes.draw do
       get '/export_subscriptions', action: 'export_subscriptions', on: :collection
       get '/export_reservations', action: 'export_reservations', on: :collection
       get '/export_members', action: 'export_members', on: :collection
+      get 'current', action: 'current', on: :collection
       put ':id/merge', action: 'merge', on: :collection
       post 'list', action: 'list', on: :collection
       get 'search/:query', action: 'search', on: :collection