From: Marcel Werk Date: Wed, 12 Mar 2014 17:06:42 +0000 (+0100) Subject: A user can always access his own profile now X-Git-Tag: 2.0.4~15 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=b3b44b362ce0030c9873950e9730678dcdef48c6;p=GitHub%2FWoltLab%2FWCF.git A user can always access his own profile now --- diff --git a/wcfsetup/install/files/lib/page/UserPage.class.php b/wcfsetup/install/files/lib/page/UserPage.class.php index 4c7aa7eec2..c75dafe916 100644 --- a/wcfsetup/install/files/lib/page/UserPage.class.php +++ b/wcfsetup/install/files/lib/page/UserPage.class.php @@ -37,11 +37,6 @@ class UserPage extends AbstractPage { */ public $enableTracking = true; - /** - * @see \wcf\page\AbstractPage::$neededPermissions - */ - public $neededPermissions = array('user.profile.canViewUserProfile'); - /** * edit profile on page load * @var boolean @@ -102,6 +97,10 @@ class UserPage extends AbstractPage { throw new IllegalLinkException(); } + if ($this->user->userID != WCF::getUser()->userID && !WCF::getSession()->getPermission('user.profile.canViewUserProfile')) { + throw new PermissionDeniedException(); + } + // check is Accessible if ($this->user->isProtected()) { throw new PermissionDeniedException();