Check permission on delete

2023-06-29 09:43:31 +02:00 · 2023-06-29 09:43:31 +02:00 · b7d1f9e1f1
commit b7d1f9e1f1
parent a22dc8b5ce
1 changed files with 3 additions and 1 deletions
--- a/core/module/user/user.php
+++ b/core/module/user/user.php
@ -184,6 +184,7 @@ class user extends common
 	{
 		// Accès refusé
 		if (
+			$this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
 			// L'utilisateur n'existe pas
 			$this->getData(['user', $this->getUrl(2)]) === null
 			// Groupe insuffisant
@ -230,7 +231,7 @@ class user extends common
 	public function edit()
 	{
 		if (
-			$this->checkCSRF()
+			$this->getUser('permission', __CLASS__, __FUNCTION__) === false
 		) {

 			// Valeurs en sortie
@ -531,6 +532,7 @@ class user extends common
 	public function profilEdit()
 	{
 		if (
+			$this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
 			$this->checkCSRF()
 		) {