From b3b44b362ce0030c9873950e9730678dcdef48c6 Mon Sep 17 00:00:00 2001 From: Marcel Werk Date: Wed, 12 Mar 2014 18:06:42 +0100 Subject: [PATCH] A user can always access his own profile now --- wcfsetup/install/files/lib/page/UserPage.class.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/wcfsetup/install/files/lib/page/UserPage.class.php b/wcfsetup/install/files/lib/page/UserPage.class.php index 4c7aa7eec2..c75dafe916 100644 --- a/wcfsetup/install/files/lib/page/UserPage.class.php +++ b/wcfsetup/install/files/lib/page/UserPage.class.php @@ -37,11 +37,6 @@ class UserPage extends AbstractPage { */ public $enableTracking = true; - /** - * @see \wcf\page\AbstractPage::$neededPermissions - */ - public $neededPermissions = array('user.profile.canViewUserProfile'); - /** * edit profile on page load * @var boolean @@ -102,6 +97,10 @@ class UserPage extends AbstractPage { throw new IllegalLinkException(); } + if ($this->user->userID != WCF::getUser()->userID && !WCF::getSession()->getPermission('user.profile.canViewUserProfile')) { + throw new PermissionDeniedException(); + } + // check is Accessible if ($this->user->isProtected()) { throw new PermissionDeniedException(); -- 2.20.1