From 53925d0ef5b5239fb98150404f9f696a9bda80f3 Mon Sep 17 00:00:00 2001
From: Amy Gale Ruth Bowersox <amy@erbosoft.com>
Date: Tue, 17 Feb 2026 21:51:51 -0700
Subject: [PATCH] make user profile editing honor the "disallow set photo" flag
 on their account (does not affect admin editing them)

---
 userdata.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/userdata.go b/userdata.go
index 9aab9ed..696a68a 100644
--- a/userdata.go
+++ b/userdata.go
@@ -52,10 +52,17 @@ func EditProfileForm(ctxt ui.AmContext) (string, any) {
 	if u.IsAnon {
 		return "error", ELOGIN
 	}
+	flags, err := u.Flags(ctxt.Ctx())
+	if err != nil {
+		return "error", err
+	}
 	dlg, err := ui.AmLoadDialog("profile")
 	if err == nil {
 		dlg.Field("tgt").Value = target
 		dlg.Field("photo").Param = "/profile_photo?tgt=" + url.QueryEscape(target)
+		if flags.Get(database.UserFlagDisallowSetPhoto) {
+			dlg.Field("photo").Disabled = true
+		}
 		var ci *database.ContactInfo
 		ci, err = u.ContactInfo(ctxt.Ctx())
 		if err == nil {
@@ -110,6 +117,10 @@ func EditProfile(ctxt ui.AmContext) (string, any) {
 	if u.IsAnon {
 		return "error", ELOGIN
 	}
+	flags, err := u.Flags(ctxt.Ctx())
+	if err != nil {
+		return "error", err
+	}
 	dlg, err := ui.AmLoadDialog("profile")
 	if err == nil {
 		dlg.LoadFromForm(ctxt)
@@ -118,6 +129,9 @@ func EditProfile(ctxt ui.AmContext) (string, any) {
 			target = "/"
 		}
 		dlg.Field("photo").Param = "/profile_photo?tgt=" + url.QueryEscape(target)
+		if flags.Get(database.UserFlagDisallowSetPhoto) {
+			dlg.Field("photo").Disabled = true
+		}
 
 		action := dlg.WhichButton(ctxt)
 		if action == "cancel" { // Cancel button pressed