Require password before setting as admin

src/apps/dashboard/routes/users/profile.tsx

@@ -199,6 +199,8 @@ const UserEdit = () => {
                 throw new Error('Unexpected null user id or policy');
             }
 
+            const isPreviouslyAdmin = user.Policy.IsAdministrator;
+
             user.Name = (page.querySelector('#txtUserName') as HTMLInputElement).value.trim();
             user.Policy.IsAdministrator = (page.querySelector('.chkIsAdmin') as HTMLInputElement).checked;
             user.Policy.IsHidden = (page.querySelector('.chkIsHidden') as HTMLInputElement).checked;
@@ -225,6 +227,12 @@ const UserEdit = () => {
             user.Policy.EnableContentDeletionFromFolders = user.Policy.EnableContentDeletion ? [] : getCheckedElementDataIds(page.querySelectorAll('.chkFolder'));
             user.Policy.SyncPlayAccess = (page.querySelector('#selectSyncPlayAccess') as HTMLSelectElement).value as SyncPlayUserAccessType;
 
+            if (!user.HasPassword && user.Policy.IsAdministrator && !isPreviouslyAdmin) {
+                toast(globalize.translate('PasswordAdminRequired'));
+                loading.hide();
+                return;
+            }
+
             window.ApiClient.updateUser(user).then(() => (
                 window.ApiClient.updateUserPolicy(user.Id || '', user.Policy || { PasswordResetProviderId: '', AuthenticationProviderId: '' })
             )).then(() => {

src/strings/en-us.json

@@ -1318,6 +1318,7 @@
     "PackageInstallFailed": "{0} (version {1}) installation failed.",
     "PageNotFound": "This is not the page you are looking for.",
     "ParentalRating": "Parental rating",
+    "PasswordAdminRequired": "The user must have a password set before marking them as admin.",
     "PasswordMatchError": "Password and password confirmation must match.",
     "PasswordRequiredForAdmin": "A password is required for admin accounts.",
     "PasswordResetComplete": "The password has been reset.",