From 42b8049ae57c14c719a61a3669c80bcc4123b15a Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski <mkurczew@gmail.com>
Date: Tue, 6 May 2014 19:03:13 +0200
Subject: [PATCH] Fixed privileges in user view

---
 src/Controllers/UserController.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/Controllers/UserController.php b/src/Controllers/UserController.php
index 5a345c6f..d0f19f0b 100644
--- a/src/Controllers/UserController.php
+++ b/src/Controllers/UserController.php
@@ -33,9 +33,17 @@ class UserController
 			$query = 'fav:' . $user->getName();
 
 		elseif ($tab == 'delete')
-			Access::assert(new Privilege(Privilege::DeleteUser));
+		{
+			Access::assert(new Privilege(
+				Privilege::DeleteUser,
+				Access::getIdentity($user)));
+		}
 		elseif ($tab == 'settings')
-			Access::assert(new Privilege(Privilege::ChangeUserSettings));
+		{
+			Access::assert(new Privilege(
+				Privilege::ChangeUserSettings,
+				Access::getIdentity($user)));
+		}
 		elseif ($tab == 'edit' and !(new EditUserJob)->canEditAnything(Auth::getCurrentUser()))
 			Access::fail();