From 78baea207d385082a49fc03ae283c7d4614c861e Mon Sep 17 00:00:00 2001
From: Jan Schulz-Hofen
Date: Mon, 7 Dec 2015 00:24:59 +0800
Subject: [PATCH] Prevent admins from sending themselves their own password
---
 app/controllers/users_controller.rb | 2 +-
 app/views/users/_general.html.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 9ce8011..3369932 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -143,7 +143,7 @@ class UsersController < ApplicationController
 if was_activated
 Mailer.account_activated(@user).deliver
- elsif @user.active? && params[:send_information] && @user.password.present? && @user.auth_source_id.nil?
+ elsif @user.active? && params[:send_information] && @user.password.present? && @user.auth_source_id.nil? && @user != User.current
 Mailer.account_information(@user, @user.password).deliver
 end
diff --git a/app/views/users/_general.html.erb b/app/views/users/_general.html.erb
index 0daa421..7d84c0c 100644
--- a/app/views/users/_general.html.erb
+++ b/app/views/users/_general.html.erb
@@ -1,6 +1,6 @@
 <%= labelled_form_for @user do |f| %>
 <%= render :partial => 'form', :locals => { :f => f } %>
- <% if @user.active? && email_delivery_enabled? -%>
+ <% if @user.active? && email_delivery_enabled? && @user != User.current -%>
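Review bot: The new `@user != User.current` term in the `elsif` only covers the self-edit case; for every other local account the branch still calls `Mailer.account_information(@user, @user.password)`, so an admin-chosen password continues to travel in cleartext by e-mail. If that is intended, document it next to the condition, for example `# Never mail an admin their own new password; other local users still receive theirs by e-mail`, and consider pairing the mail with a forced password change at first login if the application supports one. The five-term condition would also be easier to audit as a small private predicate on the controller. The enclosing action starts and ends outside the hunk, so how `@user.password` gets populated is not visible here.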

<% end -%>

<%= submit_tag l(:button_save) %>
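Review bot: The `@user != User.current` test added to this `if` repeats the rule the controller enforces, and the two copies can drift apart. Hiding the checkbox is presentation only; the check in users_controller.rb is what actually blocks the mail, so a short ERB comment such as `<%# hidden for the current user; UsersController enforces the same rule %>` would keep that relationship clear. A shared helper called from both places would remove the duplication. The markup between the `if` and `<% end -%>` is not visible in this view of the hunk.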

-- 2.4.0