From c433c6ccdab226fd9cec233abab582c4b9a47cc8 Mon Sep 17 00:00:00 2001
From: James Muehlner <james.muehlner@guac-dev.org>
Date: Thu, 15 Jun 2023 22:33:40 +0000
Subject: [PATCH] GUACAMOLE-1812: Always show the UI to edit own password for
 administrators.

---
 .../directives/guacSettingsPreferences.js         | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/guacamole/src/main/frontend/src/app/settings/directives/guacSettingsPreferences.js b/guacamole/src/main/frontend/src/app/settings/directives/guacSettingsPreferences.js
index aad0a2e0e..3ab03d028 100644
--- a/guacamole/src/main/frontend/src/app/settings/directives/guacSettingsPreferences.js
+++ b/guacamole/src/main/frontend/src/app/settings/directives/guacSettingsPreferences.js
@@ -174,10 +174,17 @@ angular.module('settings').directive('guacSettingsPreferences', [function guacSe
             permissionService.getEffectivePermissions(dataSource, username)
             .then(function permissionsRetrieved(permissions) {
 
-                // Add action for changing password if permission is granted
-                $scope.canChangePassword = PermissionSet.hasUserPermission(permissions,
-                        PermissionSet.ObjectPermissionType.UPDATE, username);
-                        
+                // Add action for updating password
+                $scope.canChangePassword = (
+
+                        // If permission is explicitly granted
+                        PermissionSet.hasUserPermission(permissions,
+                            PermissionSet.ObjectPermissionType.UPDATE, username)
+
+                        // Or if implicitly granted through being an administrator
+                        || PermissionSet.hasSystemPermission(permissions,
+                            PermissionSet.SystemPermissionType.ADMINISTER));
+
             })
             ['catch'](requestService.createErrorCallback(function permissionsFailed(error) {
                 $scope.canChangePassword = false;