disable password when in demo mode

backend/app/api/routes.go

@@ -42,8 +42,10 @@ func (a *app) newRouter(repos *repo.AllRepos) *chi.Mux {
 	// API Version 1
 
 	v1Base := v1.BaseUrlFunc(prefix)
-	v1Ctrl := v1.NewControllerV1(a.services, v1.WithMaxUploadSize(a.conf.Web.MaxUploadSize))
+	v1Ctrl := v1.NewControllerV1(a.services,
-	{
+		v1.WithMaxUploadSize(a.conf.Web.MaxUploadSize),
+		v1.WithDisablePasswordChange(a.conf.Demo), // Disable Password Change in Demo Mode
+	)
 	r.Get(v1Base("/status"), v1Ctrl.HandleBase(func() bool { return true }, v1.Build{
 		Version:   Version,
 		Commit:    Commit,
@@ -93,7 +95,6 @@ func (a *app) newRouter(repos *repo.AllRepos) *chi.Mux {
 		r.Put(v1Base("/items/{id}/attachments/{attachment_id}"), v1Ctrl.HandleItemAttachmentUpdate())
 		r.Delete(v1Base("/items/{id}/attachments/{attachment_id}"), v1Ctrl.HandleItemAttachmentDelete())
 	})
-	}
 
 	r.NotFound(notFoundHandler())
 	return r

backend/app/api/v1/controller.go

@@ -13,9 +13,16 @@ func WithMaxUploadSize(maxUploadSize int64) func(*V1Controller) {
 	}
 }
 
+func WithDisablePasswordChange(disablePasswordChange bool) func(*V1Controller) {
+	return func(ctrl *V1Controller) {
+		ctrl.disablePasswordChange = disablePasswordChange
+	}
+}
+
 type V1Controller struct {
 	svc                   *services.AllServices
 	maxUploadSize         int64
+	disablePasswordChange bool
 }
 
 type (

backend/app/api/v1/v1_ctrl_user.go

@@ -136,6 +136,11 @@ type (
 // @Security  Bearer
 func (ctrl *V1Controller) HandleUserSelfChangePassword() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
+		if ctrl.disablePasswordChange {
+			server.RespondError(w, http.StatusForbidden, nil)
+			return
+		}
+
 		var cp ChangePassword
 		err := server.Decode(r, &cp)
 		if err != nil {