A user can always access his own profile now
authorMarcel Werk <burntime@woltlab.com>
Wed, 12 Mar 2014 17:06:42 +0000 (18:06 +0100)
committerMarcel Werk <burntime@woltlab.com>
Wed, 12 Mar 2014 17:06:42 +0000 (18:06 +0100)
wcfsetup/install/files/lib/page/UserPage.class.php

index 4c7aa7eec2e677cea2d30dd1d10cddd3d0b8c512..c75dafe916c6cf3671f877de8ca1ae0344959282 100644 (file)
@@ -37,11 +37,6 @@ class UserPage extends AbstractPage {
         */
        public $enableTracking = true;
        
-       /**
-        * @see \wcf\page\AbstractPage::$neededPermissions
-        */
-       public $neededPermissions = array('user.profile.canViewUserProfile');
-       
        /**
         * edit profile on page load
         * @var boolean
@@ -102,6 +97,10 @@ class UserPage extends AbstractPage {
                        throw new IllegalLinkException();
                }
                
+               if ($this->user->userID != WCF::getUser()->userID && !WCF::getSession()->getPermission('user.profile.canViewUserProfile')) {
+                       throw new PermissionDeniedException();
+               }
+               
                // check is Accessible
                if ($this->user->isProtected()) {
                        throw new PermissionDeniedException();