diff --git a/apps/system/views.py b/apps/system/views.py
index 3f11301c..44f8f431 100755
--- a/apps/system/views.py
+++ b/apps/system/views.py
@@ -8,11 +8,12 @@ from django_celery_beat.models import (CrontabSchedule, IntervalSchedule,
                                        PeriodicTask)
 from django_celery_results.models import TaskResult
 from rest_framework.decorators import action
-from rest_framework.exceptions import ParseError, ValidationError
+from rest_framework.exceptions import ParseError, ValidationError, PermissionDenied
 from rest_framework.mixins import (CreateModelMixin, DestroyModelMixin,
                                    ListModelMixin, RetrieveModelMixin)
 from rest_framework.parsers import (JSONParser,
                                     MultiPartParser)
+from rest_framework.serializers import Serializer
 from rest_framework.permissions import IsAuthenticated, AllowAny
 from rest_framework.response import Response
 from rest_framework.views import APIView
@@ -494,6 +495,16 @@ class UserViewSet(CustomModelViewSet):
                 raise ParseError(**PASSWORD_NOT_SAME)
         else:
             raise ValidationError(**OLD_PASSWORD_WRONG)
+    
+    @action(methods=['post'], detail=True, perms_map={'post': '*'}, serializer_class=Serializer)
+    def reset_password(self, request, pk=None):
+        user = self.get_object()
+        if request.user.is_superuser:
+            user.set_password('0000')
+            user.save()
+        else:
+            raise PermissionDenied()
+        return Response()
 
     @action(methods=['get'], detail=False, permission_classes=[IsAuthenticated])
     def info(self, request, pk=None):