From 401dce885e6b23294533b2fb840a67758ed90b38 Mon Sep 17 00:00:00 2001
From: Mike Rylander <mrylander@gmail.com>
Date: Thu, 5 Sep 2019 11:34:51 -0400
Subject: [PATCH] LP#1842940: Don't allow self-edit or perm-restricted edit

Pre-webstaff, we disallowed editing of ones own record, an of records
that have a group application permission that the staff do not possess.

This commit brings back those restrictions.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
---
 Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js b/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js
index bcfbab817d..1d34476fef 100644
--- a/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js
+++ b/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js
@@ -1564,6 +1564,8 @@ function($scope , $routeParams , $q , $uibModal , $window , egCore ,
 
     // grp is the pgt object
     $scope.set_profile = function(grp) {
+        // If we can't save because of group perms or create/update perms
+        if ($scope.edit_passthru.hide_save_actions()) return;
         $scope.patron.profile = grp;
         $scope.set_expire_date();
         $scope.field_modified();
@@ -2065,6 +2067,18 @@ function($scope , $routeParams , $q , $uibModal , $window , egCore ,
 
     // Returns true if the Save and Save & Clone buttons should be disabled.
     $scope.edit_passthru.hide_save_actions = function() {
+        if ($scope.patron.id
+            && $scope.patron.id == egCore.auth.user().id()
+        ) return true;
+
+        if ( $scope.patron.profile
+             && patronRegSvc
+                .edit_profiles
+                .filter(function(p) {
+                    return $scope.patron.profile.id() == p.id();
+                }).length == 0
+        ) return true;
+
         return $scope.patron.isnew ?
             !$scope.perms.CREATE_USER : 
             !$scope.perms.UPDATE_USER;
-- 
2.11.0