Restrict access to avatar edit page

Dmitriy Simushev 2014-05-23 09:11:35 +00:00
parent c39131199d
commit af45d34721


@ -51,6 +51,11 @@ class AvatarController extends AbstractController
$can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
|| is_capable(CAN_ADMINISTRATE, $operator);
// Check if the curent operator has enough rights to access the page
if ($op_id != $operator['operatorid'] && !is_capable(CAN_ADMINISTRATE, $operator)) {
throw new AccessDeniedException();
}
// Try to load the target operator.
$op = operator_by_id($op_id);
if (!$op) {
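Review bot: The new guard compares `$op_id != $operator['operatorid']` loosely, so PHP's numeric-string rules decide who counts as the profile owner: a constructed value such as `"7.0"` compares equal to operator id 7, while `operator_by_id($op_id)` still receives the raw value. Where `$op_id` comes from is outside the hunk, so this needs confirming, but normalising once with `$op_id = (int) $op_id;` and testing `$op_id !== (int) $operator['operatorid']` removes the ambiguity. The same ownership test is now written twice, here and in `$can_modify`. The method starts and ends outside the hunk and the controller's other actions are not visible; if any of them upload or delete an avatar, they need the same check, ideally through one private helper so the rule cannot drift. The added comment also has a typo, "curent".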