From 389527296e02ab5ae205e22a9544589f6121b64d 2015-12-06 20:46:26
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: 2015-12-06 20:46:26
Subject: [PATCH] Prevent admins from sending themselves their own password (#21436).

Patch by Jan Schulz-Hofen.

git-svn-id: http://svn.redmine.org/redmine/trunk@14966 e93f8b46-1217-0410-a6f0-8f06a7374b81

---

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 9ce8011..3369932 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -143,7 +143,7 @@ class UsersController < ApplicationController
 
       if was_activated
         Mailer.account_activated(@user).deliver
-      elsif @user.active? && params[:send_information] && @user.password.present? && @user.auth_source_id.nil?
+      elsif @user.active? && params[:send_information] && @user.password.present? && @user.auth_source_id.nil? && @user != User.current
         Mailer.account_information(@user, @user.password).deliver
       end
 
diff --git a/app/views/users/_general.html.erb b/app/views/users/_general.html.erb
index 0daa421..7d84c0c 100644
--- a/app/views/users/_general.html.erb
+++ b/app/views/users/_general.html.erb
@@ -1,6 +1,6 @@
 <%= labelled_form_for @user do |f| %>
   <%= render :partial => 'form', :locals => { :f => f } %>
-  <% if @user.active? && email_delivery_enabled? -%>
+  <% if @user.active? && email_delivery_enabled? && @user != User.current -%>
     <p><label><%= check_box_tag 'send_information', 1, true %> <%= l(:label_send_information) %></label></p>
   <% end -%>
   <p><%= submit_tag l(:button_save) %></p>