...

1 files changed, 3 insertions, 3 deletions

diff --git a/BackEnd/Timeline/Controllers/UserAvatarController.cs b/BackEnd/Timeline/Controllers/UserAvatarController.cs
index bc4afa30..44d45b76 100644
--- a/BackEnd/Timeline/Controllers/UserAvatarController.cs
+++ b/BackEnd/Timeline/Controllers/UserAvatarController.cs
@@ -86,7 +86,7 @@ namespace Timeline.Controllers
         [ProducesResponseType(StatusCodes.Status403Forbidden)]

         public async Task<IActionResult> Put([FromRoute][Username] string username, [FromBody] ByteData body)

         {

-            if (!User.IsAdministrator() && User.Identity.Name != username)

+            if (!this.UserHasPermission(UserPermission.UserManagement) && User.Identity!.Name != username)

             {

                 _logger.LogInformation(Log.Format(LogPutForbid,

                     ("Operator Username", User.Identity.Name), ("Username To Put Avatar", username)));

@@ -149,10 +149,10 @@ namespace Timeline.Controllers
         [Authorize]

         public async Task<IActionResult> Delete([FromRoute][Username] string username)

         {

-            if (!User.IsAdministrator() && User.Identity.Name != username)

+            if (!this.UserHasPermission(UserPermission.UserManagement) && User.Identity!.Name != username)

             {

                 _logger.LogInformation(Log.Format(LogDeleteForbid,

-                    ("Operator Username", User.Identity.Name), ("Username To Delete Avatar", username)));

+                    ("Operator Username", User.Identity!.Name), ("Username To Delete Avatar", username)));

                 return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());

             }