Check for permissions before showing user infos or allow the user to change its own infos.

Jan Böhmer 2019-03-19 18:36:05 +01:00
parent b9cd2fcc7f
commit 6ed2eeabae
5 changed files with 130 additions and 10 deletions


@ -55,10 +55,12 @@ class UserController extends AbstractController
*/
public function userInfo(?User $user, Packages $packages)
{
//If no user id was passed, then we show info about the current user
if($user == null) {
$user = $this->getUser();
} else {
//Else we must check, if the current user is allowed to access $user
$this->denyAccessUnlessGranted('read', $user);
}
if($this->getParameter("use_gravatar")) {