]> BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/UserController.php
Adds test cases and fixes an issue with the permission checking.
[bookstack] / app / Http / Controllers / UserController.php
index 5c10133a2cbe1aa6c4a2cf3e6cfd86777bfb0c01..397bb2922b6f558a5a2ede8e12c3f6275ccdc1bc 100644 (file)
@@ -251,7 +251,9 @@ class UserController extends Controller
     }
 
     public function switchBookView($id, Request $request) {
-        $this->checkPermission('users-manage');
+        $this->checkPermissionOr('users-manage', function () use ($id) {
+            return $this->currentUser->id == $id;
+        });
         $viewType = $request->get('book_view_type');
 
         if (!in_array($viewType, ['grid', 'list'])) {