From: Chris Sharp <csharp@georgialibraries.org>
Date: Tue, 21 Apr 2015 21:10:49 +0000 (-0400)
Subject: LP#1446860 Staff were able to edit their own accounts.
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=61efe54977d73baef228784f5feb26347b3fb033;p=evergreen%2Fpines.git

LP#1446860 Staff were able to edit their own accounts.

This change reverses what appears to be a thinko in the
original programming.  If the editing user is the same
as the user being edited, disable the Save button.

Signed-off-by: Chris Sharp <csharp@georgialibraries.org>

Conflicts:
	Open-ILS/web/js/ui/default/actor/user/register.js

LP#1446860 - Correct mistaken logic in previous fix.

See https://bugs.launchpad.net/evergreen/+bug/1446860/comments/2
for reference.  The logic was not enforcing the "if the editing
staff member doesn't have permission to edit a user in this
permission group" check.  This corrects that.

Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
---

diff --git a/Open-ILS/web/js/ui/default/actor/user/register.js b/Open-ILS/web/js/ui/default/actor/user/register.js
index 9f58afc542..210e24ec8a 100644
--- a/Open-ILS/web/js/ui/default/actor/user/register.js
+++ b/Open-ILS/web/js/ui/default/actor/user/register.js
@@ -302,7 +302,7 @@ function load() {
 
 	dojo.connect(setExpireDate, 'onClick', setExpireDateHandler);
 
-    if(!patron.isnew() && !checkGrpAppPerm(patron.profile()) && patron.id() == openils.User.user.id()) {
+    if(!patron.isnew() && !checkGrpAppPerm(patron.profile()) || patron.id() == openils.User.user.id()) {
         // we are not allowed to edit this user, so disable the save option
         saveButton.attr('disabled', true);
         saveCloneButton.attr('disabled', true);