From 1b172d214b1eaf2ed0e83c83ebce73a0244afda2 Mon Sep 17 00:00:00 2001
From: Mike Cao <mike@mikecao.com>
Date: Sat, 28 Nov 2020 13:28:52 -0800
Subject: [PATCH] Fix password change issue for non-admin accounts.

---
 pages/api/account/password.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pages/api/account/password.js b/pages/api/account/password.js
index 1b364d7b..ba3a7993 100644
--- a/pages/api/account/password.js
+++ b/pages/api/account/password.js
@@ -9,7 +9,7 @@ export default async (req, res) => {
   const { user_id: auth_user_id, is_admin } = req.auth;
   const { user_id, current_password, new_password } = req.body;
 
-  if (!is_admin || user_id !== auth_user_id) {
+  if (!is_admin && user_id !== auth_user_id) {
     return unauthorized(res);
   }