From 794541c984682f6d19e09b1f06b985cdde13dc27 Mon Sep 17 00:00:00 2001
From: Mark Carroll <M.T.B.Carroll@Dundee.ac.uk>
Date: Mon, 2 Jul 2018 10:16:17 +0100
Subject: [PATCH] grey out webadmin user role when editing root user

---
 components/tools/OmeroWeb/omeroweb/webadmin/forms.py | 5 +++--
 components/tools/OmeroWeb/omeroweb/webadmin/views.py | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/components/tools/OmeroWeb/omeroweb/webadmin/forms.py b/components/tools/OmeroWeb/omeroweb/webadmin/forms.py
index 964aad5fff6..572ae1c7d8f 100644
--- a/components/tools/OmeroWeb/omeroweb/webadmin/forms.py
+++ b/components/tools/OmeroWeb/omeroweb/webadmin/forms.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2008-2014 University of Dundee.
+# Copyright (c) 2008-2018 University of Dundee.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
@@ -151,7 +151,8 @@ def __init__(self, name_check=False, email_check=False,
             initial='user')
         # If current user is restricted Admin, can't create full Admin
         restricted_admin = "ReadSession" not in self.user_privileges
-        self.fields['role'].widget.renderer.disable_admin = restricted_admin
+        self.fields['role'].widget.renderer.disable_admin = \
+            restricted_admin or experimenter_root
 
         if ('with_password' in kwargs['initial'] and
                 kwargs['initial']['with_password']):
diff --git a/components/tools/OmeroWeb/omeroweb/webadmin/views.py b/components/tools/OmeroWeb/omeroweb/webadmin/views.py
index a72cf441f8a..2ac1165a61e 100644
--- a/components/tools/OmeroWeb/omeroweb/webadmin/views.py
+++ b/components/tools/OmeroWeb/omeroweb/webadmin/views.py
@@ -3,7 +3,7 @@
 #
 #
 #
-# Copyright (c) 2008-2014 University of Dundee.
+# Copyright (c) 2008-2018 University of Dundee.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
@@ -506,7 +506,7 @@ def manage_experimenter(request, action, eid=None, conn=None, **kwargs):
                 role = 'restricted_administrator'
         initial['role'] = role
 
-        root_id = [conn.getAdminService().getSecurityRoles().rootId]
+        root_id = conn.getAdminService().getSecurityRoles().rootId
         user_id = conn.getUserId()
         experimenter_root = long(eid) == root_id
         experimenter_me = long(eid) == user_id