regression fix non-admin users unable to edit profile

Author: dleffler

framework/core/controllers/expController.php

@@ -52,7 +52,7 @@ abstract class expController {
         'export'    => 'Export Items'
     );
     protected $remove_permissions = array();  // $permissions not applicable for this module from above list
-    protected $add_permissions = array();  // additional $permissions processed and visible  for this module
+    protected $add_permissions = array();  // additional $permissions processed and visible for this module
     protected $manage_permissions = array();  // additional actions requiring manage permission in addition to $m_permissions
     public $requires_login = array();  // actions/methods (lower case ONLY) which ONLY require user be logged in to access...$permissions take priority
 

framework/modules/users/controllers/usersController.php

@@ -45,7 +45,8 @@ class usersController extends expController {
     );
 
     public $requires_login = array(
-        'change_password'    => 'You may not change a password without being logged in.'
+        'change_password'    => 'You may not change a password without being logged in.',
+        'edit'             => 'Edit Users',
     );
 
     static function displayname() {
@@ -68,6 +69,16 @@ static function canImportData() {
         return true;
     }
 
+    // create a permission specific to the module; return true grants permission, false continues with other permission checks
+    public static function checkPermissions($permission, $location) {
+        global $user;
+
+        if (!empty($user->id) && $permission === 'edit') {
+            // users must be allowed to edit their own profiles
+            return true;
+        }
+        return false;
+    }
     public function show() {
         global $user;