Fix #943 allow non admin.super users to change their account information. Allow admin.super and admin.users to change other users information.

classes/admincontroller.php

@@ -438,6 +438,18 @@ class AdminController extends AdminBaseController
 
         $config = $this->grav['config'];
 
+        // Special handler for user data.
+        if ($this->view == 'user') {
+            if (!$this->admin->authorize(['admin.super', 'admin.users'])) {
+                //not admin.super or admin.users
+                if ($this->prepareData($data)->username !== $this->grav['user']->username) {
+                    $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' save.',
+                    'error');
+                    return false;
+                }
+            }
+        }
+
         // Special handler for pages data.
         if ($this->view == 'pages') {
             /** @var Pages $pages */
@@ -512,7 +524,6 @@ class AdminController extends AdminBaseController
                 }
             }
 
-
         } else {
             // Handle standard data types.
             $obj = $this->prepareData($data);