Description
Is your feature request related to a problem? Please describe.
Currently the user-edit fields in the User-Info UI (i.e. editing the username, email and password) are saved by calling the API function updateUser in UserController. Since this API function also allows changing the Roles associated with the User, it is only callable for Users with the privilege USER_EDIT_ALL (usually Admins). Therefore changing the password or other info for the logged-in user this way leads to an error.
Describe the solution you'd like
Create a new API function for changing only the password, username and email. This might also imply splitting up the current UserService function for this purpose. Change the User-Info UI to call this function when User-Details are changed (i.e. the save button, which performs a submit). The API function should only be callable if the logged-in user has USER_EDIT_ALL, or if the calling user has USER_EDIT and wants to edit themselves:
@PreAuthorize(value = "hasGlobalPermission(@PC.USER_EDIT_ALL) or (hasGlobalPermission(@PC.USER_EDIT) and #userId.equals(loggedInUUID()))")
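The split described above, as an added example and not code from the project: a self-service endpoint guarded by the expression from this issue, whose request body deliberately carries no roles field, beside the admin-only endpoint that keeps the role-changing path. Everything except the @PreAuthorize expression itself is an assumption: the package, the route paths, the UserProfileUpdateRequest / UserAdminUpdateRequest records, UserProfileService, and the User and UserRepository types it relies on are hypothetical names chosen for illustration.

```java
package example.user; // hypothetical package, not the project's

import java.util.Set;
import java.util.UUID;
import jakarta.validation.Valid;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Body for the self-service endpoint (hypothetical). It has no "roles" field,
// so a caller holding only USER_EDIT cannot smuggle a role change into a
// profile update: the privilege boundary is enforced by the shape of the
// request as well as by the @PreAuthorize expression.
record UserProfileUpdateRequest(
        @NotBlank @Size(max = 64) String username,
        @NotBlank @Email String email,
        @Size(min = 12, max = 128) String newPassword) {} // null = keep current password

// Body for the admin-only endpoint (hypothetical); this one may carry roles.
record UserAdminUpdateRequest(
        String username, String email, String newPassword, Set<String> roles) {}

@RestController
@RequestMapping("/api/users") // hypothetical route
class UserProfileController {

    private final UserProfileService userProfileService;

    UserProfileController(UserProfileService userProfileService) {
        this.userProfileService = userProfileService;
    }

    // Self-service update, guarded by the expression from the issue: an admin
    // may edit anyone, a USER_EDIT holder only the account whose id equals
    // loggedInUUID(). The path variable name must match the #userId reference.
    @PutMapping("/{userId}/profile")
    @PreAuthorize("hasGlobalPermission(@PC.USER_EDIT_ALL) or (hasGlobalPermission(@PC.USER_EDIT) and #userId.equals(loggedInUUID()))")
    public ResponseEntity<Void> updateProfile(@PathVariable UUID userId,
                                              @Valid @RequestBody UserProfileUpdateRequest body) {
        userProfileService.updateProfile(userId, body);
        return ResponseEntity.noContent().build();
    }

    // Full update including roles stays admin-only, as it is today.
    @PutMapping("/{userId}")
    @PreAuthorize("hasGlobalPermission(@PC.USER_EDIT_ALL)")
    public ResponseEntity<Void> updateUser(@PathVariable UUID userId,
                                           @Valid @RequestBody UserAdminUpdateRequest body) {
        userProfileService.updateUserAsAdmin(userId, body);
        return ResponseEntity.noContent().build();
    }
}

// The service is split the same way: the profile path never touches roles,
// and the admin path reuses it and then applies the role change on top.
// User (with setUsername/setEmail/setPasswordHash/setRoles) and UserRepository
// (a Spring Data repository) are assumed to exist in the project.
@Service
class UserProfileService {

    private final UserRepository users;
    private final PasswordEncoder passwordEncoder;

    UserProfileService(UserRepository users, PasswordEncoder passwordEncoder) {
        this.users = users;
        this.passwordEncoder = passwordEncoder;
    }

    @Transactional
    public void updateProfile(UUID userId, UserProfileUpdateRequest req) {
        User user = users.findById(userId)
                .orElseThrow(() -> new IllegalArgumentException("unknown user"));
        user.setUsername(req.username());
        user.setEmail(req.email());
        if (req.newPassword() != null) {
            // store only the hash; the encoder is the project's configured PasswordEncoder
            user.setPasswordHash(passwordEncoder.encode(req.newPassword()));
        }
        // roles are intentionally left untouched on this path
    }

    @Transactional
    public void updateUserAsAdmin(UUID userId, UserAdminUpdateRequest req) {
        updateProfile(userId, new UserProfileUpdateRequest(req.username(), req.email(), req.newPassword()));
        users.findById(userId)
                .orElseThrow(() -> new IllegalArgumentException("unknown user"))
                .setRoles(req.roles());
    }
}
```

Two things worth checking when wiring this up: the `#userId` reference in the expression resolves by parameter name, so the project must compile with `-parameters` (or otherwise make parameter names available to Spring Security's method security) or the expression evaluates against a null value and the self-edit branch silently fails closed; and the UI should send the new endpoint for its save button, since a self-edit request to the old updateUser route will still be rejected for users without USER_EDIT_ALL.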
Additional context
This issue impacts both the API and the UI, but there is no separate API issue (all handled in this issue).