Diffstat (limited to 'BackEnd/Timeline/Controllers/UserAvatarController.cs')
-rw-r--r--BackEnd/Timeline/Controllers/UserAvatarController.cs4
1 files changed, 2 insertions, 2 deletions
diff --git a/BackEnd/Timeline/Controllers/UserAvatarController.cs b/BackEnd/Timeline/Controllers/UserAvatarController.cs
index 5b8c5cdf..072ab621 100644
--- a/BackEnd/Timeline/Controllers/UserAvatarController.cs
+++ b/BackEnd/Timeline/Controllers/UserAvatarController.cs
@@ -61,7 +61,7 @@ namespace Timeline.Controllers
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public async Task<IActionResult> Put([FromRoute][Username] string username, [FromBody] ByteData body)
{
- if (!UserHasPermission(UserPermission.UserManagement) && GetUsername() != username)
+ if (!UserHasPermission(UserPermission.UserManagement) && !await CheckIsSelf(username))
{
return ForbidWithCommonResponse(Resource.MessageForbidNotAdministratorOrOwner);
}
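Review bot: The ownership check in Put now rests entirely on `CheckIsSelf(username)`, which is defined outside this diff, so its behaviour for a `username` that matches no account cannot be confirmed from here. If it throws or produces a not-found result instead of returning false, a caller without `UserManagement` would see a different status for existing and non-existing usernames before the 403 branch is reached; a test for a non-admin request against an unknown username would pin this down. The same condition is repeated in Delete (second hunk), so the point applies there too. If the helper compares resolved user identities rather than name strings, a comment above both checks such as `// Ownership is decided by CheckIsSelf, not by comparing the token's name string` would record why the direct comparison was dropped. Both method bodies continue outside the hunks.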
@@ -91,7 +91,7 @@ namespace Timeline.Controllers
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public async Task<IActionResult> Delete([FromRoute][Username] string username)
{
- if (!UserHasPermission(UserPermission.UserManagement) && User.Identity!.Name != username)
+ if (!UserHasPermission(UserPermission.UserManagement) && !await CheckIsSelf(username))
{
return ForbidWithCommonResponse(Resource.MessageForbidNotAdministratorOrOwner);
}