Fixed bug allowing admin to create a new user using a username that already exists

lib/WebGUI/Operation/User.pm

@@ -407,11 +407,14 @@ sub www_editUserSave {
 
 	return $session->privilege->adminOnly() unless ($isAdmin || $isSecondary);
 
-	# Check to see if the userId associated with the posted username matches the posted userId
-	# or that the userId is new
-	# or that the username passed in isn't assigned a userId
-	# Also verify that the posted username is not blank
-	if (($existingUserId eq $postedUserId || $postedUserId eq "new" || $existingUserId eq '')
+	# Check to see if 
+	# 1) the userId associated with the posted username matches the posted userId (we're editing an account)
+	# or that the userId is new and the username selected is unique (creating new account)
+	# or that the username passed in isn't assigned a userId (changing a username)
+	#
+	# Also verify that the posted username is not blank (we need a username)
+	#
+	if (($existingUserId eq $postedUserId || ($postedUserId eq "new" && !$existingUserId) || $existingUserId eq '')
              && $session->form->process("username") ne '') 
              {
 		# Create a user object with the id passed in.  If the Id is 'new', the new method will return a new user,