X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/ec775aec02c0887d5cf2dc23c938a75b7eaf67d2..refs/pull/4618/head:/app/Users/Controllers/UserController.php

diff --git a/app/Users/Controllers/UserController.php b/app/Users/Controllers/UserController.php
index 1c1b7ba23..0cd48948f 100644
--- a/app/Users/Controllers/UserController.php
+++ b/app/Users/Controllers/UserController.php
@@ -103,6 +103,7 @@ class UserController extends Controller
      */
     public function edit(int $id, SocialAuthService $socialAuthService)
     {
+        $this->preventGuestAccess();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
         $user = $this->userRepo->getById($id);
@@ -133,6 +134,7 @@ class UserController extends Controller
     public function update(Request $request, int $id)
     {
         $this->preventAccessInDemoMode();
+        $this->preventGuestAccess();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
         $validated = $this->validate($request, [
@@ -176,6 +178,7 @@ class UserController extends Controller
      */
     public function delete(int $id)
     {
+        $this->preventGuestAccess();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
         $user = $this->userRepo->getById($id);
@@ -192,6 +195,7 @@ class UserController extends Controller
     public function destroy(Request $request, int $id)
     {
         $this->preventAccessInDemoMode();
+        $this->preventGuestAccess();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
         $user = $this->userRepo->getById($id);