Only admins can delete users.

author: Bharat Mediratta <bharat@menalto.com> 2008-12-25 02:47:17 +0000
committer: Bharat Mediratta <bharat@menalto.com> 2008-12-25 02:47:17 +0000
commit: 95ec6a8f571c8dbc93cbdcb871f763fdcf074d72 (patch)
tree: c717ce7c62e2aad572d77408052e3b8cffe1d019
parent: 216ecf30798e740139fdad2a3cf309a9f5cebea2 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index a0f6a2ef..88f499e6 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -82,7 +82,7 @@ class Users_Controller extends REST_Controller {
    *  @see REST_Controller::_delete($resource)
    */
   public function _delete($user) {
-    if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
+    if (!user::active()->admin) {
       access::forbidden();
     }
     // Prevent CSRF
author	Bharat Mediratta <bharat@menalto.com>	2008-12-25 02:47:17 +0000
committer	Bharat Mediratta <bharat@menalto.com>	2008-12-25 02:47:17 +0000
commit	95ec6a8f571c8dbc93cbdcb871f763fdcf074d72 (patch)
tree	c717ce7c62e2aad572d77408052e3b8cffe1d019
parent	216ecf30798e740139fdad2a3cf309a9f5cebea2 (diff)