Allowed a privileged user to add, edit and delete memberships without restrictions (you know what you’re doing)

code/Membership/Membership.js

@@ -132,9 +132,9 @@ Membership.prototype.getPermission = function(action) {
     case 'contact':
     return res.handlers.site.getPermission('main');
     case 'edit':
-    return Membership.require(Membership.OWNER) && (!this.require(Membership.OWNER) || this.site.members.owners.size() > 1);
+    return User.require(User.PRIVILEGED) || Membership.require(Membership.OWNER) && (!this.require(Membership.OWNER) || this.site.members.owners.size() > 1);
     case 'delete':
-    return (this.creator === session.user || Membership.require(Membership.OWNER)) && (!this.require(Membership.OWNER) || this.site.members.owners.size() > 1);
+    return User.require(User.PRIVILEGED) || (this.creator === session.user || Membership.require(Membership.OWNER)) && (!this.require(Membership.OWNER) || this.site.members.owners.size() > 1);
   }
   return false;
 }
@@ -178,13 +178,10 @@ Membership.prototype.edit_action = function() {
 Membership.prototype.update = function(data) {
   if (!data.role) {
     throw Error(gettext('Please choose a role for this member.'));
-  } else if (this.user === session.user) {
-    throw Error(gettext('Sorry, you are not allowed to edit your own membership.'));
   } else if (data.role !== this.role) {
     this.role = data.role || Membership.SUBSCRIBER;
     this.touch();
-    this.notify(req.action, this.creator.email,
-        gettext('[{0}] Notification of membership change', root.title));
+    this.notify(req.action, this.creator.email, gettext('[{0}] Notification of membership change', root.title));
   }
   return;
 }