From d1e2e6d83eed4e9b77faf6673950c40450925a25 Mon Sep 17 00:00:00 2001
From: Marcel Werk <burntime@woltlab.com>
Date: Fri, 23 Nov 2012 17:57:22 +0100
Subject: [PATCH] Added missing permission validation

---
 wcfsetup/install/files/lib/data/user/User.class.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/wcfsetup/install/files/lib/data/user/User.class.php b/wcfsetup/install/files/lib/data/user/User.class.php
index 76bb555704..0a51b307a4 100644
--- a/wcfsetup/install/files/lib/data/user/User.class.php
+++ b/wcfsetup/install/files/lib/data/user/User.class.php
@@ -368,4 +368,13 @@ final class User extends DatabaseObject implements IRouteController {
 		
 		return $language;
 	}
+	
+	/**
+	 * Returns true, if the active user can edit this user.
+	 * 
+	 * @return	boolean
+	 */
+	public function canEdit() {
+		return (WCF::getSession()->getPermission('admin.user.canEditUser') && UserGroup::isAccessibleGroup($this->getGroupIDs()));
+	}
 }
-- 
2.20.1