From b38ea8186edee88eb28b8eb0caf38157435a7e6a Mon Sep 17 00:00:00 2001
From: Leonardo Dias
Date: Thu, 3 Jun 2021 14:17:57 -0300
Subject: [PATCH] fix: error when resetting password of a non admin user (#252)

Fixes #246
---
 API/Controllers/AccountController.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/API/Controllers/AccountController.cs b/API/Controllers/AccountController.cs
index 671a436b0..8c3c05c85 100644
--- a/API/Controllers/AccountController.cs
+++ b/API/Controllers/AccountController.cs
@@ -45,9 +45,9 @@ namespace API.Controllers
 {
 _logger.LogInformation("{UserName} is changing {ResetUser}'s password", User.GetUsername(), resetPasswordDto.UserName);
 var user = await _userManager.Users.SingleAsync(x => x.UserName == resetPasswordDto.UserName);
- var isAdmin = await _userManager.IsInRoleAsync(user, PolicyConstants.AdminRole);
- if (resetPasswordDto.UserName != User.GetUsername() && !isAdmin) return Unauthorized("You are not permitted to this operation.");
+ if (resetPasswordDto.UserName != User.GetUsername() && !User.IsInRole(PolicyConstants.AdminRole))
+ return Unauthorized("You are not permitted to this operation.");
 // Validate Password
 foreach (var validator in _userManager.PasswordValidators)
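Review bot: The permission check no longer depends on `user`, yet it still runs after the `SingleAsync` lookup, so a caller who is not allowed to reset this account still triggers the database query. `SingleAsync` throws when no row matches, so an unknown username surfaces as an unhandled error while a known one gets the 401, which lets an unprivileged caller tell valid usernames apart. Moving the two added lines above `var user = ...` closes that gap, and `return Forbid();` would fit an authenticated-but-not-permitted caller better than `Unauthorized(...)`. `User.IsInRole` evaluates the role claims carried by the caller's principal; if those come from a long-lived token (not visible here), a revoked admin role stays effective until the token expires, which deserves a comment such as `// role comes from token claims; revocation applies on next token issue`. The method body starts and continues outside this hunk.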