ErwinKomen / RU-passim


profile: only user himself may change password #772

Closed ErwinKomen closed 1 month ago

ErwinKomen commented 1 month ago

Right now it is possible for any signed-in user to change the password of anyone else.

ErwinKomen commented 1 month ago

This is in ProfileEdit, where we added the Change Password option. Obviously, this should be restricted to the user him/herself.

Added:

        # For all people: if this is the correct user, allow him/her to change password
        if self.request.user is not None and instance.user.id == self.request.user.id:
            # This is the user who may change his/her password
            oItem = dict(type='safe', label="", value=instance.get_changepw())
            context['mainitems'].append(oItem)

Double checking: moderators can still edit the profile of any other user. That is by design. A moderator should be able to do this.
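The same rule checked at the point where the password is actually changed, as an added example that is not part of RU-passim's code. `StubUser`, `is_moderator` and `change_password` are hypothetical stand-ins, and the anonymous case assumes Django's convention that an unauthenticated `request.user` is an `AnonymousUser` whose `id` is `None`, not `None` itself.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class StubUser:
    """Constructed stand-in for a Django user; anonymous users have id None."""
    id: Optional[int]
    is_authenticated: bool = True
    is_moderator: bool = False  # hypothetical flag for the moderator role
    password: str = "old"


ANONYMOUS = StubUser(id=None, is_authenticated=False)


def may_change_password(actor: Optional[StubUser], owner: StubUser) -> bool:
    """Only the authenticated owner of the profile may change its password."""
    if actor is None or not actor.is_authenticated:
        return False
    # Guard against None == None matching two users that have no id
    if actor.id is None or owner.id is None:
        return False
    return actor.id == owner.id


def may_edit_profile(actor: Optional[StubUser], owner: StubUser) -> bool:
    """Moderators may edit any profile; everyone else only their own."""
    if actor is None or not actor.is_authenticated:
        return False
    return actor.is_moderator or may_change_password(actor, owner)


def change_password(actor: Optional[StubUser], owner: StubUser, new_password: str) -> None:
    """Hypothetical handler: re-check the rule on the request itself,
    so that hiding the link is not the only barrier."""
    if not may_change_password(actor, owner):
        raise PermissionError("only the profile owner may change this password")
    owner.password = new_password  # a real handler would hash via set_password()
```

The moderator case is the one to watch: `may_edit_profile` returns `True` for a moderator on any profile, while `may_change_password` stays `False`.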

ErwinKomen commented 1 month ago

One more: topnav.html under User > User profile had a link to user.id. But that should be to the profile:

{% url 'profile_details' user.user_profiles.first.id  %}

Changed