Commit 6d807a7e authored by Leigh Stoller's avatar Leigh Stoller
parent eab1ec31
......@@ -45,7 +45,8 @@ function Do_GetProfile()
SPITAJAX_ERROR(1, "Unknown profile uuid");
return;
}
if ($this_idx != $profile->creator_idx() && !ISADMIN()) {
if (!ISADMIN() &&
!$profile->CanView($this_user)) {
SPITAJAX_ERROR(1, "Not enough permission");
return;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment