Allow PrivilegeViewUserAdvanced owners to see all users' user IDs.

2016-04-12 22:21:39 +02:00 · 2016-04-12 22:21:39 +02:00 · 4bf5673bd0
parent c4e03dc189
commit 4bf5673bd0
1 changed files with 1 additions and 1 deletions
--- a/app/v1/user.go
+++ b/app/v1/user.go
@ -140,7 +140,7 @@ func UserWhatsTheIDGET(md common.MethodData) common.Response {
 		allowed int
 	)
 	err := md.DB.QueryRow("SELECT id, allowed FROM users WHERE username = ? LIMIT 1", md.C.Param("username")).Scan(&id, &allowed)
-	if err != nil || allowed != 1 {
+	if err != nil || (allowed != 1 && !md.User.Privileges.HasPrivilegeViewUserAdvanced()) {
 		return common.Response{
 			Code:    404,
 			Message: "That user could not be found!",