
Allow administrator to always change password

David Ullmer 3 年之前
父节点
当前提交
5f3dbd8294
共有 2 个文件被更改,包括 25 次插入10 次删除
  1. 13 10
      Jellyfin.Api/Controllers/UserController.cs
  2. 12 0
      Jellyfin.Api/Helpers/RequestHelpers.cs

+ 13 - 10
Jellyfin.Api/Controllers/UserController.cs

@@ -282,17 +282,20 @@ namespace Jellyfin.Api.Controllers
             }
             else
             {
-                var success = await _userManager.AuthenticateUser(
-                    user.Username,
-                    request.CurrentPw,
-                    request.CurrentPw,
-                    HttpContext.GetNormalizedRemoteIp().ToString(),
-                    false,
-                    ignoreParentalSchedule: true).ConfigureAwait(false);
-
-                if (success == null)
+                if (await RequestHelpers.IsUserAdministrator(_authContext, HttpContext.Request).ConfigureAwait(false))
                 {
-                    return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
+                    var success = await _userManager.AuthenticateUser(
+                        user.Username,
+                        request.CurrentPw,
+                        request.CurrentPw,
+                        HttpContext.GetNormalizedRemoteIp().ToString(),
+                        false,
+                        ignoreParentalSchedule: true).ConfigureAwait(false);
+
+                    if (success == null)
+                    {
+                        return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
+                    }
                 }
 
                 await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
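Review bot: The new guard `if (await RequestHelpers.IsUserAdministrator(...))` looks inverted: the current-password check now runs only when the caller is an administrator, and a non-administrator caller falls through to `ChangePassword` without `request.CurrentPw` ever being verified. To match the commit title, the condition should be negated, `if (!await RequestHelpers.IsUserAdministrator(_authContext, HttpContext.Request).ConfigureAwait(false))`. It would also be safer to keep the check when an administrator changes their own password, so that a hijacked admin session cannot replace the credential without knowing it. The enclosing method and the `if` branch before this `else` start outside the hunk, so any authorization performed earlier is not visible here.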

+ 12 - 0
Jellyfin.Api/Helpers/RequestHelpers.cs

@@ -76,6 +76,18 @@ namespace Jellyfin.Api.Helpers
             return true;
         }
 
+        /// <summary>
+        /// Checks if the user is administrator.
+        /// </summary>
+        /// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param>
+        /// <param name="requestContext">The <see cref="HttpRequest"/>.</param>
+        /// <returns>A <see cref="bool"/> whether the user can update the entry.</returns>
+        internal static async Task<bool> IsUserAdministrator(IAuthorizationContext authContext, HttpRequest requestContext)
+        {
+            var auth = await authContext.GetAuthorizationInfo(requestContext).ConfigureAwait(false);
+            return auth.User.HasPermission(PermissionKind.IsAdministrator);
+        }
+
         internal static async Task<SessionInfo> GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
         {
             var authorization = await authContext.GetAuthorizationInfo(request).ConfigureAwait(false);
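Review bot: `IsUserAdministrator` dereferences `auth.User` without a null check, so if `GetAuthorizationInfo` can return an authorization with no user attached (for example a token not bound to a user; not confirmable from this hunk), the helper throws instead of answering "not an administrator". Since this result now gates a password change, it should fail closed: `return auth.User?.HasPermission(PermissionKind.IsAdministrator) ?? false;`. The `<returns>` text also reads as copied from another helper; something like `/// <returns><c>true</c> if the requesting user has the administrator permission; otherwise <c>false</c>.</returns>` would describe this method.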