Created
November 27, 2019 10:54
-
-
Save torunar/2cdd78a95ac1a96f86fd333c36457f1d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/app/controllers/backend/profiles.php b/app/controllers/backend/profiles.php | |
index abc5a286ae..c3c0c3c09b 100644 | |
--- a/app/controllers/backend/profiles.php | |
+++ b/app/controllers/backend/profiles.php | |
@@ -13,9 +13,9 @@ | |
****************************************************************************/ | |
use Tygh\Api; | |
-use Tygh\Registry; | |
use Tygh\Enum\UserTypes; | |
use Tygh\Enum\YesNo; | |
+use Tygh\Registry; | |
if (!defined('BOOTSTRAP')) { die('Access denied'); } | |
@@ -246,8 +246,9 @@ if ($mode == 'manage') { | |
return [CONTROLLER_STATUS_NO_PAGE]; | |
} | |
- if (!fn_check_permission_manage_profiles($user_data['user_type'])) { | |
- return array(CONTROLLER_STATUS_DENIED); | |
+ $act_as_self = $user_id == $auth['user_id']; | |
+ if (!$act_as_self && !fn_check_permission_manage_profiles($user_data['user_type'])) { | |
+ return [CONTROLLER_STATUS_DENIED]; | |
} | |
if (!empty($user_data)) { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment