EZPPFarm/ripple-api
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Allow PrivilegeViewUserAdvanced owners to see all users' user IDs.

Browse Source
This commit is contained in:
Howl 2016-04-12 22:21:39 +02:00
parent c4e03dc189
commit 4bf5673bd0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/v1/user.go
View File

@ -140,7 +140,7 @@ func UserWhatsTheIDGET(md common.MethodData) common.Response {
allowed int
)
err := md.DB.QueryRow("SELECT id, allowed FROM users WHERE username = ? LIMIT 1", md.C.Param("username")).Scan(&id, &allowed)
if err != nil || allowed != 1 {
if err != nil || (allowed != 1 && !md.User.Privileges.HasPrivilegeViewUserAdvanced()) {
return common.Response{
Code: 404,
Message: "That user could not be found!",