From da9139b7bab95f6e5ba5f4bb2d99011c2d6db03a Mon Sep 17 00:00:00 2001
From: crupest
Date: Wed, 23 Mar 2022 21:30:14 +0800
Subject: …
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 BackEnd/Timeline/Controllers/UserAvatarController.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'BackEnd/Timeline/Controllers/UserAvatarController.cs')
diff --git a/BackEnd/Timeline/Controllers/UserAvatarController.cs b/BackEnd/Timeline/Controllers/UserAvatarController.cs
index 5b8c5cdf..072ab621 100644
--- a/BackEnd/Timeline/Controllers/UserAvatarController.cs
+++ b/BackEnd/Timeline/Controllers/UserAvatarController.cs
@@ -61,7 +61,7 @@ namespace Timeline.Controllers
 [ProducesResponseType(StatusCodes.Status403Forbidden)]
 public async Task Put([FromRoute][Username] string username, [FromBody] ByteData body)
 {
- if (!UserHasPermission(UserPermission.UserManagement) && GetUsername() != username)
+ if (!UserHasPermission(UserPermission.UserManagement) && !await CheckIsSelf(username))
 {
 return ForbidWithCommonResponse(Resource.MessageForbidNotAdministratorOrOwner);
 }
@@ -91,7 +91,7 @@ namespace Timeline.Controllers
 [ProducesResponseType(StatusCodes.Status403Forbidden)]
 public async Task Delete([FromRoute][Username] string username)
 {
- if (!UserHasPermission(UserPermission.UserManagement) && User.Identity!.Name != username)
+ if (!UserHasPermission(UserPermission.UserManagement) && !await CheckIsSelf(username))
 {
 return ForbidWithCommonResponse(Resource.MessageForbidNotAdministratorOrOwner);
 }
-- 
cgit v1.2.3
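Review bot: The owner-or-administrator guard in `Put` now rests entirely on `await CheckIsSelf(username)`, and the `Delete` hunk has the same guard. That helper is defined outside this patch, so its behaviour for a route `username` that matches no account, or when there is no authenticated identity, cannot be checked from here. If it throws for an unknown name instead of returning false, a non-privileged caller would get something other than the 403 these actions declare, and the difference would reveal which usernames exist. I would state the contract at both call sites, for example `// CheckIsSelf must return false (never throw) for an unknown username or an anonymous caller, so the 403 below is the only outcome for non-owners.`, and add a test that a non-administrator targeting another or a non-existent username gets 403 from both actions. Both method bodies continue past the end of their hunks.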