Allowed retrieval of current user configuration when accessing user profile as a non-admin user (#18099)

AndyButland · iOvergaard · AndyButland · commit af662fe0e1b1 · 2025-01-24T10:56:29.000+01:00
* Allowed retrieval of current user configuration when accessing user profile as a non-admin user.

* Update src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/current-user-config.repository.ts

---------

Co-authored-by: Jacob Overgaard &lt;752371+iOvergaard@users.noreply.github.com&gt;
diff --git a/src/Umbraco.Cms.Api.Management/Factories/UserPresentationFactory.cs b/src/Umbraco.Cms.Api.Management/Factories/UserPresentationFactory.cs
@@ -143,6 +143,10 @@ public async Task<CurrenUserConfigurationResponseModel> CreateCurrentUserConfigu
             KeepUserLoggedIn = _securitySettings.KeepUserLoggedIn,
             UsernameIsEmail = _securitySettings.UsernameIsEmail,
             PasswordConfiguration = _passwordConfigurationPresentationFactory.CreatePasswordConfigurationResponseModel(),
+
+            // You should not be able to change any password or set 2fa if any providers has deny local login set.
+            AllowChangePassword = _externalLoginProviders.HasDenyLocalLogin() is false,
+            AllowTwoFactor = _externalLoginProviders.HasDenyLocalLogin() is false,
         };
 
         return await Task.FromResult(model);
diff --git a/src/Umbraco.Cms.Api.Management/OpenApi.json b/src/Umbraco.Cms.Api.Management/OpenApi.json
@@ -35929,6 +35929,8 @@
       },
       "CurrenUserConfigurationResponseModel": {
         "required": [
+          "allowChangePassword",
+          "allowTwoFactor",
           "keepUserLoggedIn",
           "passwordConfiguration",
           "usernameIsEmail"
@@ -35948,6 +35950,12 @@
                 "$ref": "#/components/schemas/PasswordConfigurationResponseModel"
               }
             ]
+          },
+          "allowChangePassword": {
+            "type": "boolean"
+          },
+          "allowTwoFactor": {
+            "type": "boolean"
           }
         },
         "additionalProperties": false
diff --git a/src/Umbraco.Cms.Api.Management/ViewModels/User/Current/CurrenUserConfigurationResponseModel.cs b/src/Umbraco.Cms.Api.Management/ViewModels/User/Current/CurrenUserConfigurationResponseModel.cs
@@ -1,7 +1,8 @@
-﻿using Umbraco.Cms.Api.Management.ViewModels.Security;
+using Umbraco.Cms.Api.Management.ViewModels.Security;
 
 namespace Umbraco.Cms.Api.Management.ViewModels.User.Current;
 
+// TODO (V16): Correct the spelling on this class name, it should be CurrentUserConfigurationResponseModel.
 public class CurrenUserConfigurationResponseModel
 {
     public bool KeepUserLoggedIn { get; set; }
@@ -10,4 +11,8 @@ public class CurrenUserConfigurationResponseModel
     public bool UsernameIsEmail { get; set; }
 
     public required PasswordConfigurationResponseModel PasswordConfiguration { get; set; }
+
+    public bool AllowChangePassword { get; set; }
+
+    public bool AllowTwoFactor { get; set; }
 }
diff --git a/src/Umbraco.Web.UI.Client/src/external/backend-api/src/types.gen.ts b/src/Umbraco.Web.UI.Client/src/external/backend-api/src/types.gen.ts
@@ -470,6 +470,8 @@ export type CurrenUserConfigurationResponseModel = {
      */
     usernameIsEmail: boolean;
     passwordConfiguration: (PasswordConfigurationResponseModel);
+    allowChangePassword: boolean;
+    allowTwoFactor: boolean;
 };
 
 export type DatabaseInstallRequestModel = {
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/change-password/entity-action/manifests.ts b/src/Umbraco.Web.UI.Client/src/packages/user/change-password/entity-action/manifests.ts
@@ -1,4 +1,4 @@
-import { UMB_USER_ENTITY_TYPE } from '@umbraco-cms/backoffice/user';
+import { UMB_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS, UMB_USER_ENTITY_TYPE } from '@umbraco-cms/backoffice/user';
 
 export const manifests: Array<UmbExtensionManifest> = [
 	{
@@ -18,7 +18,7 @@ export const manifests: Array<UmbExtensionManifest> = [
 				alias: 'Umb.Condition.User.IsDefaultKind',
 			},
 			{
-				alias: 'Umb.Condition.User.AllowChangePassword',
+				alias: UMB_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS,
 			},
 		],
 	},
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/current-user/mfa-login/manifests.ts b/src/Umbraco.Web.UI.Client/src/packages/user/current-user/mfa-login/manifests.ts
@@ -1,3 +1,5 @@
+import { UMB_CURRENT_USER_ALLOW_MFA_CONDITION_ALIAS } from '@umbraco-cms/backoffice/user';
+
 export const manifests: Array<UmbExtensionManifest> = [
 	{
 		type: 'currentUserAction',
@@ -13,7 +15,7 @@ export const manifests: Array<UmbExtensionManifest> = [
 		},
 		conditions: [
 			{
-				alias: 'Umb.Condition.User.AllowMfaAction',
+				alias: UMB_CURRENT_USER_ALLOW_MFA_CONDITION_ALIAS,
 			},
 		],
 	},
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/current-user/profile/manifests.ts b/src/Umbraco.Web.UI.Client/src/packages/user/current-user/profile/manifests.ts
@@ -1,4 +1,5 @@
 import { UMB_SECTION_USER_PERMISSION_CONDITION_ALIAS } from '@umbraco-cms/backoffice/section';
+import { UMB_CURRENT_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS } from '@umbraco-cms/backoffice/user';
 
 export const manifests: Array<UmbExtensionManifest> = [
 	{
@@ -43,7 +44,7 @@ export const manifests: Array<UmbExtensionManifest> = [
 		},
 		conditions: [
 			{
-				alias: 'Umb.Condition.User.AllowChangePassword',
+				alias: UMB_CURRENT_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS,
 			},
 		],
 	},
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-change-password/constants.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-change-password/constants.ts
@@ -1 +1,2 @@
 export const UMB_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS = 'Umb.Condition.User.AllowChangePassword';
+export const UMB_CURRENT_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS = 'Umb.Condition.CurrentUser.AllowChangePassword';
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-change-password/current-user-allow-change-password-action.condition.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-change-password/current-user-allow-change-password-action.condition.ts
@@ -0,0 +1,27 @@
+import UmbCurrentUserConfigRepository from '../../repository/config/current-user-config.repository.js';
+import type { UmbControllerHost } from '@umbraco-cms/backoffice/controller-api';
+import type { UmbConditionConfigBase } from '@umbraco-cms/backoffice/extension-api';
+import { UmbConditionBase } from '@umbraco-cms/backoffice/extension-registry';
+
+export class UmbCurrentUserAllowChangePasswordActionCondition extends UmbConditionBase<UmbConditionConfigBase> {
+	#configRepository = new UmbCurrentUserConfigRepository(this._host);
+
+	// eslint-disable-next-line @typescript-eslint/no-explicit-any
+	constructor(host: UmbControllerHost, args: any) {
+		super(host, args);
+		this.#init();
+	}
+
+	async #init() {
+		await this.#configRepository.initialized;
+		this.observe(
+			this.#configRepository.part('allowChangePassword'),
+			(isAllowed) => {
+				this.permitted = isAllowed;
+			},
+			'_userAllowChangePasswordActionCondition',
+		);
+	}
+}
+
+export { UmbCurrentUserAllowChangePasswordActionCondition as api };
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-change-password/manifests.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-change-password/manifests.ts
@@ -1,4 +1,4 @@
-import { UMB_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS } from './constants.js';
+import { UMB_CURRENT_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS, UMB_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS } from './constants.js';
 
 export const manifests: Array<UmbExtensionManifest> = [
 	{
@@ -7,4 +7,10 @@ export const manifests: Array<UmbExtensionManifest> = [
 		alias: UMB_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS,
 		api: () => import('./user-allow-change-password-action.condition.js'),
 	},
+	{
+		type: 'condition',
+		name: 'Current User Allow Change Password Condition',
+		alias: UMB_CURRENT_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS,
+		api: () => import('./current-user-allow-change-password-action.condition.js'),
+	},
 ];
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-change-password/user-allow-change-password-action.condition.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-change-password/user-allow-change-password-action.condition.ts
@@ -14,7 +14,6 @@ export class UmbUserAllowChangePasswordActionCondition extends UmbConditionBase<
 
 	async #init() {
 		await this.#configRepository.initialized;
-
 		this.observe(
 			this.#configRepository.part('allowChangePassword'),
 			(isAllowed) => {
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-mfa/constants.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-mfa/constants.ts
@@ -1 +1,2 @@
 export const UMB_USER_ALLOW_MFA_CONDITION_ALIAS = 'Umb.Condition.User.AllowMfaAction';
+export const UMB_CURRENT_USER_ALLOW_MFA_CONDITION_ALIAS = 'Umb.Condition.CurrentUser.AllowMfaAction';
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-mfa/current-user-allow-mfa-action.condition.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-mfa/current-user-allow-mfa-action.condition.ts
@@ -0,0 +1,30 @@
+import { UmbCurrentUserConfigRepository } from '../../repository/config/index.js';
+import type { UmbControllerHost } from '@umbraco-cms/backoffice/controller-api';
+import { UmbConditionBase, umbExtensionsRegistry } from '@umbraco-cms/backoffice/extension-registry';
+import { observeMultiple } from '@umbraco-cms/backoffice/observable-api';
+
+export class UmbCurrentUserAllowMfaActionCondition extends UmbConditionBase<never> {
+	#configRepository = new UmbCurrentUserConfigRepository(this._host);
+
+	// eslint-disable-next-line @typescript-eslint/no-explicit-any
+	constructor(host: UmbControllerHost, args: any) {
+		super(host, args);
+		this.#init();
+	}
+
+	async #init() {
+		await this.#configRepository.initialized;
+		this.observe(
+			observeMultiple([
+				this.#configRepository.part('allowTwoFactor'),
+				umbExtensionsRegistry.byType('mfaLoginProvider'),
+			]),
+			([allowTwoFactor, exts]) => {
+				this.permitted = allowTwoFactor && exts.length > 0;
+			},
+			'_userAllowMfaActionCondition',
+		);
+	}
+}
+
+export { UmbCurrentUserAllowMfaActionCondition as api };
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-mfa/manifests.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-mfa/manifests.ts
@@ -1,4 +1,4 @@
-import { UMB_USER_ALLOW_MFA_CONDITION_ALIAS } from './constants.js';
+import { UMB_USER_ALLOW_MFA_CONDITION_ALIAS, UMB_CURRENT_USER_ALLOW_MFA_CONDITION_ALIAS } from './constants.js';
 
 export const manifests: Array<UmbExtensionManifest> = [
 	{
@@ -7,4 +7,10 @@ export const manifests: Array<UmbExtensionManifest> = [
 		alias: UMB_USER_ALLOW_MFA_CONDITION_ALIAS,
 		api: () => import('./user-allow-mfa-action.condition.js'),
 	},
+	{
+		type: 'condition',
+		name: 'Current User Allow Mfa Action Condition',
+		alias: UMB_CURRENT_USER_ALLOW_MFA_CONDITION_ALIAS,
+		api: () => import('./current-user-allow-mfa-action.condition.js'),
+	},
 ];
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-mfa/user-allow-mfa-action.condition.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/conditions/allow-mfa/user-allow-mfa-action.condition.ts
@@ -14,7 +14,6 @@ export class UmbUserAllowMfaActionCondition extends UmbConditionBase<never> {
 
 	async #init() {
 		await this.#configRepository.initialized;
-
 		this.observe(
 			observeMultiple([
 				this.#configRepository.part('allowTwoFactor'),
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/entity-actions/manifests.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/entity-actions/manifests.ts
@@ -1,4 +1,4 @@
-import { UMB_USER_DETAIL_REPOSITORY_ALIAS, UMB_USER_ITEM_REPOSITORY_ALIAS } from '../constants.js';
+import { UMB_USER_ALLOW_MFA_CONDITION_ALIAS, UMB_USER_DETAIL_REPOSITORY_ALIAS, UMB_USER_ITEM_REPOSITORY_ALIAS } from '../constants.js';
 import { UMB_USER_ENTITY_TYPE } from '../entity.js';
 
 import { manifests as createManifests } from './create/manifests.js';
@@ -92,7 +92,7 @@ const entityActions: Array<ManifestEntityAction> = [
 		},
 		conditions: [
 			{
-				alias: 'Umb.Condition.User.AllowMfaAction',
+				alias: UMB_USER_ALLOW_MFA_CONDITION_ALIAS,
 			},
 		],
 	},
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/constants.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/constants.ts
@@ -1,3 +1,7 @@
 export const UMB_USER_CONFIG_REPOSITORY_ALIAS = 'Umb.Repository.User.Config';
 export const UMB_USER_CONFIG_STORE_ALIAS = 'Umb.Store.User.Config';
 export { UMB_USER_CONFIG_STORE_CONTEXT } from './user-config.store.token.js';
+
+export const UMB_CURRENT_USER_CONFIG_REPOSITORY_ALIAS = 'Umb.Repository.CurrentUser.Config';
+export const UMB_CURRENT_USER_CONFIG_STORE_ALIAS = 'Umb.Store.CurrentUser.Config';
+export { UMB_CURRENT_USER_CONFIG_STORE_CONTEXT } from './current-user-config.store.token.js';
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/current-user-config.repository.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/current-user-config.repository.ts
@@ -0,0 +1,67 @@
+import type { UmbCurrentUserConfigurationModel } from '../../types.js';
+import { UmbCurrentUserConfigServerDataSource } from './current-user-config.server.data-source.js';
+import { UMB_CURRENT_USER_CONFIG_STORE_CONTEXT } from './current-user-config.store.token.js';
+import { UmbRepositoryBase } from '@umbraco-cms/backoffice/repository';
+import type { UmbApi } from '@umbraco-cms/backoffice/extension-api';
+import type { UmbControllerHost } from '@umbraco-cms/backoffice/controller-api';
+import type { Observable } from '@umbraco-cms/backoffice/observable-api';
+
+export class UmbCurrentUserConfigRepository extends UmbRepositoryBase implements UmbApi {
+	/**
+	 * Promise that resolves when the repository has been initialized, i.e. when the user configuration has been fetched from the server.
+	 * @memberof UmbCurrentUserConfigRepository
+	 */
+	initialized: Promise<void>;
+
+	#dataStore?: typeof UMB_CURRENT_USER_CONFIG_STORE_CONTEXT.TYPE;
+	#dataSource = new UmbCurrentUserConfigServerDataSource(this);
+
+	constructor(host: UmbControllerHost) {
+		super(host);
+		this.initialized = new Promise<void>((resolve) => {
+			this.consumeContext(UMB_CURRENT_USER_CONFIG_STORE_CONTEXT, async (store) => {
+				this.#dataStore = store;
+				await this.#init();
+				resolve();
+			});
+		});
+	}
+
+	async #init() {
+		// Check if the store already has data
+		if (this.#dataStore?.getState()) {
+			return;
+		}
+
+		const { data } = await this.#dataSource.getCurrentUserConfig();
+
+		if (data) {
+			this.#dataStore?.update(data);
+		}
+	}
+
+	/**
+	 * Subscribe to the entire user configuration.
+	 */
+	all() {
+		if (!this.#dataStore) {
+			throw new Error('Data store not initialized');
+		}
+
+		return this.#dataStore.all();
+	}
+
+	/**
+	 * Subscribe to a part of the user configuration.
+	 * @param part
+	 */
+	part<Part extends keyof UmbCurrentUserConfigurationModel>(part: Part): Observable<UmbCurrentUserConfigurationModel[Part]> {
+		if (!this.#dataStore) {
+			throw new Error('Data store not initialized');
+		}
+
+		return this.#dataStore.part(part);
+	}
+}
+
+export default UmbCurrentUserConfigRepository;
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/current-user-config.server.data-source.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/current-user-config.server.data-source.ts
@@ -0,0 +1,19 @@
+import type { UmbControllerHost } from '@umbraco-cms/backoffice/controller-api';
+import { UserService } from '@umbraco-cms/backoffice/external/backend-api';
+import { tryExecuteAndNotify } from '@umbraco-cms/backoffice/resources';
+
+export class UmbCurrentUserConfigServerDataSource {
+	#host;
+
+	constructor(host: UmbControllerHost) {
+		this.#host = host;
+	}
+
+	/**
+	 * Get the current user configuration.
+	 * @memberof UmbCurrentUserConfigServerDataSource
+	 */
+	getCurrentUserConfig() {
+		return tryExecuteAndNotify(this.#host, UserService.getUserCurrentConfiguration());
+	}
+}
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/current-user-config.store.token.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/current-user-config.store.token.ts
@@ -0,0 +1,4 @@
+import type { UmbCurrentUserConfigStore } from './current-user-config.store.js';
+import { UmbContextToken } from '@umbraco-cms/backoffice/context-api';
+
+export const UMB_CURRENT_USER_CONFIG_STORE_CONTEXT = new UmbContextToken<UmbCurrentUserConfigStore>('UmbCurrentUserConfigStore');
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/current-user-config.store.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/current-user-config.store.ts
@@ -0,0 +1,12 @@
+import type { UmbCurrentUserConfigurationModel } from '../../types.js';
+import { UMB_CURRENT_USER_CONFIG_STORE_CONTEXT } from './current-user-config.store.token.js';
+import type { UmbControllerHost } from '@umbraco-cms/backoffice/controller-api';
+import { UmbStoreObjectBase } from '@umbraco-cms/backoffice/store';
+
+export class UmbCurrentUserConfigStore extends UmbStoreObjectBase<UmbCurrentUserConfigurationModel> {
+	constructor(host: UmbControllerHost) {
+		super(host, UMB_CURRENT_USER_CONFIG_STORE_CONTEXT.toString());
+	}
+}
+
+export default UmbCurrentUserConfigStore;
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/index.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/index.ts
@@ -1,2 +1,3 @@
 export * from './constants.js';
+export * from './current-user-config.repository.js';
 export * from './user-config.repository.js';
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/manifests.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/manifests.ts
@@ -1,4 +1,4 @@
-import { UMB_USER_CONFIG_REPOSITORY_ALIAS, UMB_USER_CONFIG_STORE_ALIAS } from './constants.js';
+import { UMB_CURRENT_USER_CONFIG_REPOSITORY_ALIAS, UMB_CURRENT_USER_CONFIG_STORE_ALIAS, UMB_USER_CONFIG_REPOSITORY_ALIAS, UMB_USER_CONFIG_STORE_ALIAS } from './constants.js';
 
 export const manifests: Array<UmbExtensionManifest> = [
 	{
@@ -13,4 +13,16 @@ export const manifests: Array<UmbExtensionManifest> = [
 		name: 'User Config Repository',
 		api: () => import('./user-config.repository.js'),
 	},
+	{
+		type: 'store',
+		alias: UMB_CURRENT_USER_CONFIG_STORE_ALIAS,
+		name: 'Current User Config Store',
+		api: () => import('./current-user-config.store.js'),
+	},
+	{
+		type: 'repository',
+		alias: UMB_CURRENT_USER_CONFIG_REPOSITORY_ALIAS,
+		name: 'Current User Config Repository',
+		api: () => import('./current-user-config.repository.js'),
+	},
 ];
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/user-config.server.data-source.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/repository/config/user-config.server.data-source.ts
@@ -16,4 +16,12 @@ export class UmbUserConfigServerDataSource {
 	getUserConfig() {
 		return tryExecuteAndNotify(this.#host, UserService.getUserConfiguration());
 	}
+
+	/**
+	 * Get the current user configuration.
+	 * @memberof UmbUserConfigServerDataSource
+	 */
+	getCurrentUserConfig() {
+		return tryExecuteAndNotify(this.#host, UserService.getUserCurrentConfiguration());
+	}
 }
diff --git a/src/Umbraco.Web.UI.Client/src/packages/user/user/types.ts b/src/Umbraco.Web.UI.Client/src/packages/user/user/types.ts
diff --git a/src/Umbraco.Web.UI.Client/utils/all-umb-consts/index.ts b/src/Umbraco.Web.UI.Client/utils/all-umb-consts/index.ts

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-import { UMB_USER_ENTITY_TYPE } from '@umbraco-cms/backoffice/user';`
	`1`	`+import { UMB_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS, UMB_USER_ENTITY_TYPE } from '@umbraco-cms/backoffice/user';`
`2`	`2`
`3`	`3`	`export const manifests: Array<UmbExtensionManifest> = [`
`4`	`4`	`{`
`@@ -18,7 +18,7 @@ export const manifests: Array<UmbExtensionManifest> = [`
`18`	`18`	`alias: 'Umb.Condition.User.IsDefaultKind',`
`19`	`19`	`},`
`20`	`20`	`{`
`21`		`- alias: 'Umb.Condition.User.AllowChangePassword',`
	`21`	`+ alias: UMB_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS,`
`22`	`22`	`},`
`23`	`23`	`],`
`24`	`24`	`},`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+import { UMB_CURRENT_USER_ALLOW_MFA_CONDITION_ALIAS } from '@umbraco-cms/backoffice/user';`
	`2`	`+`
`1`	`3`	`export const manifests: Array<UmbExtensionManifest> = [`
`2`	`4`	`{`
`3`	`5`	`type: 'currentUserAction',`
`@@ -13,7 +15,7 @@ export const manifests: Array<UmbExtensionManifest> = [`
`13`	`15`	`},`
`14`	`16`	`conditions: [`
`15`	`17`	`{`
`16`		`- alias: 'Umb.Condition.User.AllowMfaAction',`
	`18`	`+ alias: UMB_CURRENT_USER_ALLOW_MFA_CONDITION_ALIAS,`
`17`	`19`	`},`
`18`	`20`	`],`
`19`	`21`	`},`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`import { UMB_SECTION_USER_PERMISSION_CONDITION_ALIAS } from '@umbraco-cms/backoffice/section';`
	`2`	`+import { UMB_CURRENT_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS } from '@umbraco-cms/backoffice/user';`
`2`	`3`
`3`	`4`	`export const manifests: Array<UmbExtensionManifest> = [`
`4`	`5`	`{`
`@@ -43,7 +44,7 @@ export const manifests: Array<UmbExtensionManifest> = [`
`43`	`44`	`},`
`44`	`45`	`conditions: [`
`45`	`46`	`{`
`46`		`- alias: 'Umb.Condition.User.AllowChangePassword',`
	`47`	`+ alias: UMB_CURRENT_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS,`
`47`	`48`	`},`
`48`	`49`	`],`
`49`	`50`	`},`
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`	`1`	`export const UMB_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS = 'Umb.Condition.User.AllowChangePassword';`
	`2`	`+export const UMB_CURRENT_USER_ALLOW_CHANGE_PASSWORD_CONDITION_ALIAS = 'Umb.Condition.CurrentUser.AllowChangePassword';`