Remove user ID check

When editing a patron, there are three checks made to disable the save button.
The first two to determine if it's a new user or a user that belongs to a
group you do not have permission to edit sound good. But the third check
assumes that the user making the edits are allowed to edit their own record.

To prevent a use case where the user is part of a group that their group does
not have permission to edit, we should not allow them to save changes to their
own record.  This change removes the user ID check.

Signed-off-by: Ben Shum <bshum@biblio.org>

diff --git a/Open-ILS/web/js/ui/default/actor/user/register.js b/Open-ILS/web/js/ui/default/actor/user/register.js
index c31eb2f..81a5768 100644 (file)
--- a/Open-ILS/web/js/ui/default/actor/user/register.js
+++ b/Open-ILS/web/js/ui/default/actor/user/register.js
@@ -296,7 +296,7 @@ function load() {
 
        dojo.connect(setExpireDate, 'onClick', setExpireDateHandler);
 
-    if(!patron.isnew() && !checkGrpAppPerm(patron.profile()) && patron.id() != openils.User.user.id()) {
+    if(!patron.isnew() && !checkGrpAppPerm(patron.profile())) {
         // we are not allowed to edit this user, so disable the save option
         saveButton.attr('disabled', true);
         saveCloneButton.attr('disabled', true);