From d3da412fa7e10db8c721846152a2c056dd4ccbcf Mon Sep 17 00:00:00 2001
From: crupest <crupest@outlook.com>
Date: Thu, 12 Nov 2020 23:21:31 +0800
Subject: ...

---
 BackEnd/Timeline/Controllers/UserAvatarController.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'BackEnd/Timeline/Controllers/UserAvatarController.cs')

diff --git a/BackEnd/Timeline/Controllers/UserAvatarController.cs b/BackEnd/Timeline/Controllers/UserAvatarController.cs
index bc4afa30..44d45b76 100644
--- a/BackEnd/Timeline/Controllers/UserAvatarController.cs
+++ b/BackEnd/Timeline/Controllers/UserAvatarController.cs
@@ -86,7 +86,7 @@ namespace Timeline.Controllers
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         public async Task<IActionResult> Put([FromRoute][Username] string username, [FromBody] ByteData body)
         {
-            if (!User.IsAdministrator() && User.Identity.Name != username)
+            if (!this.UserHasPermission(UserPermission.UserManagement) && User.Identity!.Name != username)
             {
                 _logger.LogInformation(Log.Format(LogPutForbid,
                     ("Operator Username", User.Identity.Name), ("Username To Put Avatar", username)));
@@ -149,10 +149,10 @@ namespace Timeline.Controllers
         [Authorize]
         public async Task<IActionResult> Delete([FromRoute][Username] string username)
         {
-            if (!User.IsAdministrator() && User.Identity.Name != username)
+            if (!this.UserHasPermission(UserPermission.UserManagement) && User.Identity!.Name != username)
             {
                 _logger.LogInformation(Log.Format(LogDeleteForbid,
-                    ("Operator Username", User.Identity.Name), ("Username To Delete Avatar", username)));
+                    ("Operator Username", User.Identity!.Name), ("Username To Delete Avatar", username)));
                 return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
             }
 
-- 
cgit v1.2.3