From 5347680642d61ba7ddcf46409380a870f9bc9587 Mon Sep 17 00:00:00 2001
From: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sun, 25 Feb 2024 00:31:16 +1300
Subject: [PATCH] Hide change password fields if the user can't change the
 principal

There is no need to show these fields as they do nothing.
---
 inc/ui/principal-edit.php | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/inc/ui/principal-edit.php b/inc/ui/principal-edit.php
index 860e119f..d7d4edf0 100644
--- a/inc/ui/principal-edit.php
+++ b/inc/ui/principal-edit.php
@@ -327,8 +327,10 @@ function principal_editor() {
   }
 
   $admin_row_entry = '';
-  $default_passwd_row_entry  = '<tr> <th class="right">' . $prompt_password_1 . ':</th>  <td class="left">##newpass1.password.' . $pwstars . '##</td> </tr>';
-  $default_passwd_row_entry .= '<tr> <th class="right">' . $prompt_password_2 . ':</th>  <td class="left">##newpass2.password.' . $pwstars . '##</td> </tr>';
+  if ($can_write_principal) {
+    $default_passwd_row_entry  = '<tr> <th class="right">' . $prompt_password_1 . ':</th>  <td class="left">##newpass1.password.' . $pwstars . '##</td> </tr>';
+    $default_passwd_row_entry .= '<tr> <th class="right">' . $prompt_password_2 . ':</th>  <td class="left">##newpass2.password.' . $pwstars . '##</td> </tr>';
+  }
   $delete_principal_button = '';
   if ( $session->AllowedTo('Admin') ) {
     $passwd_row_entry = $default_passwd_row_entry;
@@ -337,12 +339,14 @@ function principal_editor() {
     if ( isset($id) )
       $delete_principal_button = '<a href="' . $c->base_url . '/admin.php?action=edit&t=principal&subaction=delete_principal&id='.$id.'" class="submit">' . translate("Delete Principal") . '</a>';
   } else {
-    if ( isset($c->password_change_override) ) {
-      $passwd_row_entry  = '<tr> <th class="right">' . $prompt_password_1 . ':</th>';
-      $passwd_row_entry .= '<td class="left"><a href="' . $c->password_change_override['href'] . '">';
-      $passwd_row_entry .= $c->password_change_override['label']  . '</a></td> </tr>';
-    } else {
-        $passwd_row_entry = $default_passwd_row_entry;
+    if ($can_write_principal) {
+      if ( isset($c->password_change_override) ) {
+        $passwd_row_entry  = '<tr> <th class="right">' . $prompt_password_1 . ':</th>';
+        $passwd_row_entry .= '<td class="left"><a href="' . $c->password_change_override['href'] . '">';
+        $passwd_row_entry .= $c->password_change_override['label']  . '</a></td> </tr>';
+      } else {
+          $passwd_row_entry = $default_passwd_row_entry;
+      }
     }
   }