From e76ea86b525ba5850c1dfd00567b67d8262bf22f Mon Sep 17 00:00:00 2001
From: Roy Johnson <roy.l.johnson@gmail.com>
Date: Sat, 18 Feb 2006 21:15:08 +0000
Subject: [PATCH] Fixed bug allowing admin to create a new user using a
 username that already exists

---
 lib/WebGUI/Operation/User.pm | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm
index b513f71f0..120aef79f 100644
--- a/lib/WebGUI/Operation/User.pm
+++ b/lib/WebGUI/Operation/User.pm
@@ -407,11 +407,14 @@ sub www_editUserSave {
 
 	return $session->privilege->adminOnly() unless ($isAdmin || $isSecondary);
 
-	# Check to see if the userId associated with the posted username matches the posted userId
-	# or that the userId is new
-	# or that the username passed in isn't assigned a userId
-	# Also verify that the posted username is not blank
-	if (($existingUserId eq $postedUserId || $postedUserId eq "new" || $existingUserId eq '')
+	# Check to see if 
+	# 1) the userId associated with the posted username matches the posted userId (we're editing an account)
+	# or that the userId is new and the username selected is unique (creating new account)
+	# or that the username passed in isn't assigned a userId (changing a username)
+	#
+	# Also verify that the posted username is not blank (we need a username)
+	#
+	if (($existingUserId eq $postedUserId || ($postedUserId eq "new" && !$existingUserId) || $existingUserId eq '')
              && $session->form->process("username") ne '') 
              {
 		# Create a user object with the id passed in.  If the Id is 'new', the new method will return a new user,