From 31f5d1e667d43c59b3771f38bf56b417f15e1853 Mon Sep 17 00:00:00 2001
From: srosse <stephane.rosse@frentix.com>
Date: Fri, 22 Mar 2019 09:09:11 +0100
Subject: [PATCH] OO-3984: reduce the permissions of user manager to change
 passwords

---
 src/main/java/org/olat/admin/user/UserAdminController.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/main/java/org/olat/admin/user/UserAdminController.java b/src/main/java/org/olat/admin/user/UserAdminController.java
index 9f69ac65d16..ee534083d03 100644
--- a/src/main/java/org/olat/admin/user/UserAdminController.java
+++ b/src/main/java/org/olat/admin/user/UserAdminController.java
@@ -498,8 +498,7 @@ public class UserAdminController extends BasicController implements Activateable
 
 	private boolean isPasswordChangesAllowed(Identity identity) {
 		if (managerRoles.isManagerOf(OrganisationRoles.administrator, editedRoles)
-				|| managerRoles.isManagerOf(OrganisationRoles.rolesmanager, editedRoles)
-				|| managerRoles.isManagerOf(OrganisationRoles.usermanager, editedRoles)) {
+				|| managerRoles.isManagerOf(OrganisationRoles.rolesmanager, editedRoles)) {
 			// show pwd form only if user has also right to create new passwords in case
 			// of a user that has no password yet
 			if(ldapLoginModule.isLDAPEnabled() && ldapLoginManager.isIdentityInLDAPSecGroup(identity)) {
-- 
GitLab