X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/ec775aec02c0887d5cf2dc23c938a75b7eaf67d2..refs/pull/4618/head:/app/Users/Controllers/UserController.php diff --git a/app/Users/Controllers/UserController.php b/app/Users/Controllers/UserController.php index 1c1b7ba23..0cd48948f 100644 --- a/app/Users/Controllers/UserController.php +++ b/app/Users/Controllers/UserController.php @@ -103,6 +103,7 @@ class UserController extends Controller */ public function edit(int $id, SocialAuthService $socialAuthService) { + $this->preventGuestAccess(); $this->checkPermissionOrCurrentUser('users-manage', $id); $user = $this->userRepo->getById($id); @@ -133,6 +134,7 @@ class UserController extends Controller public function update(Request $request, int $id) { $this->preventAccessInDemoMode(); + $this->preventGuestAccess(); $this->checkPermissionOrCurrentUser('users-manage', $id); $validated = $this->validate($request, [ @@ -176,6 +178,7 @@ class UserController extends Controller */ public function delete(int $id) { + $this->preventGuestAccess(); $this->checkPermissionOrCurrentUser('users-manage', $id); $user = $this->userRepo->getById($id); @@ -192,6 +195,7 @@ class UserController extends Controller public function destroy(Request $request, int $id) { $this->preventAccessInDemoMode(); + $this->preventGuestAccess(); $this->checkPermissionOrCurrentUser('users-manage', $id); $user = $this->userRepo->getById($id);