Only admins can change usernames.

app/controllers/users_controller.rb

@@ -63,6 +63,7 @@ class UsersController < ApplicationController
 
   def update
     raise AccessError unless @user.can_update? cuser
+    params[:user].delete(:username) unless @user.can_change_name? cuser
     if @user.update_attributes params[:user]
       flash[:notice] = t(:users_update)
       redirect_to_back

app/models/user.rb

@@ -271,6 +271,10 @@ class User < ActiveRecord::Base
     cuser and (self == cuser or cuser.admin?)
   end
 
+  def can_change_name? cuser
+    cuser and cuser.admin?
+  end
+
   def can_destroy? cuser
     cuser and cuser.admin?
   end

app/views/users/edit.html.erb

@@ -15,10 +15,12 @@
 
         <div class="tabbed-contents">
           <div class="tab" id="account">
+            <% if cuser and @user.can_change_name? cuser %>
             <div class="fields horizontal">
               <%= f.label :username, 'Username', class: 'required' %>
               <%= f.text_field :username %>
             </div>
+            <% end %>
             <div class="fields horizontal">
               <%= f.label :raw_password, "Password" %>
               <%= f.password_field :raw_password %>