From 03b3dbd2ab588c9324400cf301aa32b251f3aa94 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 22 Apr 2008 15:56:45 -0400
Subject: Don't let a user change their own uid. Fix some related errors if
 they try.

440895
---
 ipa-server/ipa-gui/ipagui/subcontrollers/user.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'ipa-server/ipa-gui/ipagui/subcontrollers/user.py')

diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
index 5baaf3fb..f57a2973 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
@@ -453,10 +453,15 @@ class UserController(IPAController):
         # the edit URI.
         if ((not 'admins' in turbogears.identity.current.groups and
             not 'editors' in turbogears.identity.current.groups) and 
-            (kw.get('uid') != turbogears.identity.current.display_name)):
+            (kw.get('uid_hidden') != turbogears.identity.current.display_name)):
             turbogears.flash("You do not have permission to update this user.")
             raise turbogears.redirect('/user/show', uid=kw.get('uid'))
 
+        if (kw.get('uid_hidden') == turbogears.identity.current.display_name and
+            kw.get('uid') != kw.get('uid_hidden')):
+            turbogears.flash("You cannot change your own login name.")
+            raise turbogears.redirect('/user/show', uid=kw.get('uid_hidden'))
+
         # Decode the group data, in case we need to round trip
         user_groups_dicts = loads(b64decode(kw.get('user_groups_data')))
 
-- 
cgit