LP#1446860 Staff were able to edit their own accounts.

This change reverses what appears to be a thinko in the
original programming.  If the editing user is the same
as the user being edited, disable the Save button.

Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Conflicts:
	Open-ILS/web/js/ui/default/actor/user/register.js

LP#1446860 - Correct mistaken logic in previous fix.

See https://bugs.launchpad.net/evergreen/+bug/1446860/comments/2
for reference.  The logic was not enforcing the "if the editing
staff member doesn't have permission to edit a user in this
permission group" check.  This corrects that.

Signed-off-by: Chris Sharp <csharp@georgialibraries.org>

diff --git a/Open-ILS/web/js/ui/default/actor/user/register.js b/Open-ILS/web/js/ui/default/actor/user/register.js
index 7cb5a62..dd1c95b 100644 (file)
--- a/Open-ILS/web/js/ui/default/actor/user/register.js
+++ b/Open-ILS/web/js/ui/default/actor/user/register.js
@@ -302,7 +302,7 @@ function load() {
 
        dojo.connect(setExpireDate, 'onClick', setExpireDateHandler);
 
-    if(!patron.isnew() && !checkGrpAppPerm(patron.profile()) && patron.id() == openils.User.user.id()) {
+    if(!patron.isnew() && !checkGrpAppPerm(patron.profile()) || patron.id() == openils.User.user.id()) {
         // we are not allowed to edit this user, so disable the save option
         saveButton.attr('disabled', true);
         saveCloneButton.attr('disabled', true);