public boolean canChangePassword()

in src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java [349:376]


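    /**
     * Reports whether the given session may change the password of the user {@code userId}.
     *
     * <p>The decision is delegated to {@code checkAuthorizablePath} with two callbacks:
     * a filter that only accepts non-system {@link User}s other than {@code "anonymous"},
     * and a path check that requires both {@code jcr:read} and {@code rep:userManagement}
     * on the supplied path. When those privileges are missing, the session's own user is
     * still allowed if {@code alwaysAllowSelfChangePassword} is enabled.
     *
     * <p>The method fails closed: if a {@link RepositoryException} is raised while
     * evaluating the rights, it is logged and {@code false} is returned.
     *
     * @param jcrSession the session whose rights are evaluated
     * @param userId the id of the user whose password would be changed
     * @return {@code true} if the password change is permitted, {@code false} otherwise
     *         or when the check could not be completed
     */
    public boolean canChangePassword(Session jcrSession, String userId) {
        boolean hasRights = false;
        try {
            hasRights = checkAuthorizablePath(jcrSession, userId,
                    // system users and anonymous have no passwords
                    authorizable -> authorizable instanceof User &&
                        !((User)authorizable).isSystemUser() && !"anonymous".equals(authorizable.getID()),
                    path -> {
                        // check if the session has sufficient rights on the path handed in by
                        // checkAuthorizablePath (presumably the user's home folder - confirm there)
                        AccessControlManager acm = jcrSession.getAccessControlManager();
                        Privilege[] requiredPrivileges = {
                            acm.privilegeFromName(Privilege.JCR_READ),
                            acm.privilegeFromName(PrivilegeConstants.REP_USER_MANAGEMENT)
                        };
                        if (acm.hasPrivileges(path, requiredPrivileges)) {
                            return true;
                        }

                        // Self-service fallback: only for the session's own user, and only when
                        // the ChangeUserPassword service is configured to always allow it.
                        // Session.getUserID() may return null, so compare from the userId side
                        // and deny when either id is missing.
                        return userId != null && userId.equals(jcrSession.getUserID())
                                && alwaysAllowSelfChangePassword;
                    });
        } catch (RepositoryException e) {
            // Keep the cause in the log so a denied result caused by a repository failure
            // can be told apart from a genuine lack of privileges.
            log.warn("Failed to determine if {} can change the password of user {}", jcrSession.getUserID(), userId, e);
        }
        return hasRights;
    }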