people with patron update perms can now update their own account

provided they do not change their profile
 - unless they have permission to change their profile...

git-svn-id: svn://svn.open-ils.org/ILS/trunk@6029 dcc99617-32d9-48b4-a31d-7c20da2025e4

diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
index 8afd250..96c04fc 100644 (file)
--- a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
@@ -348,6 +348,15 @@ sub check_group_perm {
        if( ! $patron->isnew ) {
                my $p = $session->request(
                        'open-ils.storage.direct.actor.user.retrieve', $patron->id )->gather(1);
+
+               # If we are the requestor (trying to update our own account)
+               # and we are not trying to change our profile, we're good
+               if( $p->id == $requestor->id and 
+                               $p->profile == $patron->profile ) {
+                       return undef;
+               }
+
+
                $evt = group_perm_failed($session, $requestor, $p);
                return $evt if $evt;
        }