Commit 34eec4bd authored by Leigh Stoller's avatar Leigh Stoller

Fix profile permission check.

parent 5295bf87
...@@ -627,10 +627,12 @@ function CheckStep2() ...@@ -627,10 +627,12 @@ function CheckStep2()
if (!$profile) { if (!$profile) {
$errors["error"] = "No such profile exists"; $errors["error"] = "No such profile exists";
} }
elseif (!($profile->ispublic() || #
(isset($this_user) && $profile->CanInstantiate($this_user)))){ # Our permission model is that anyone who knows the uuid can
$errors["error"] = "No permission to use profile"; # instantiate the profile, and either they provided the URL
} # in the URL or its a profile uuid they got from the instantiate
# page via their permissions. So no checks here.
#
} }
if (!$this_user) { if (!$this_user) {
# #
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment