From 6dd6942e1746aa35730cfd80b9b3f6b726cd1e18 Mon Sep 17 00:00:00 2001
From: Toby Zerner
Date: Thu, 13 Aug 2015 12:59:40 +0930
Subject: [PATCH] Fix avatar uploading permissions closes flarum/core#230
---
 src/Core/Users/Commands/DeleteAvatarHandler.php | 4 +++-
 src/Core/Users/Commands/UploadAvatarHandler.php | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/Core/Users/Commands/DeleteAvatarHandler.php b/src/Core/Users/Commands/DeleteAvatarHandler.php
index 941123cf4..a06429572 100644
--- a/src/Core/Users/Commands/DeleteAvatarHandler.php
+++ b/src/Core/Users/Commands/DeleteAvatarHandler.php
@@ -42,7 +42,9 @@ class DeleteAvatarHandler
 // Make sure the current user is allowed to edit the user profile.
 // This will let admins and the user themselves pass through, and
 // throw an exception otherwise.
- $user->assertCan($actor, 'edit');
+ if ($actor->id !== $user->id) {
+ $user->assertCan($actor, 'edit');
+ }
 $avatarPath = $user->avatar_path;
 $user->changeAvatarPath(null);
diff --git a/src/Core/Users/Commands/UploadAvatarHandler.php b/src/Core/Users/Commands/UploadAvatarHandler.php
index aabb08b64..754042ddb 100644
--- a/src/Core/Users/Commands/UploadAvatarHandler.php
+++ b/src/Core/Users/Commands/UploadAvatarHandler.php
@@ -48,7 +48,9 @@ class UploadAvatarHandler
 // Make sure the current user is allowed to edit the user profile.
 // This will let admins and the user themselves pass through, and
 // throw an exception otherwise.
- $user->assertCan($actor, 'edit');
+ if ($actor->id !== $user->id) {
+ $user->assertCan($actor, 'edit');
+ }
 $tmpFile = tempnam(sys_get_temp_dir(), 'avatar');
 $command->file->moveTo($tmpFile);
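Review bot: The guard `if ($actor->id !== $user->id)` in DeleteAvatarHandler skips `assertCan($actor, 'edit')` altogether when the actor is the profile owner, so anything the `edit` check would otherwise enforce on that actor no longer applies to their own avatar; the identical guard in the UploadAvatarHandler hunk has the same effect. The owner rule is also now duplicated in two handlers instead of living in the permission check, where a later restriction on self-edits would be picked up automatically; if it stays here, the comment above should say so, e.g. `// Users may always change their own avatar; anyone else needs the 'edit' permission.`. Because `!==` also compares types, an id that arrives as a string on one side and an int on the other sends the owner back through `assertCan` (this fails closed, but the original bug would reappear), so it is worth confirming both ids are cast the same way. Both handler methods start and end outside their hunks, so how `$actor` and `$user` are loaded is not visible here.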