From 95ec6a8f571c8dbc93cbdcb871f763fdcf074d72 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Thu, 25 Dec 2008 02:47:17 +0000
Subject: Only admins can delete users.
---
 modules/user/controllers/users.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules/user/controllers')
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index a0f6a2ef..88f499e6 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -82,7 +82,7 @@ class Users_Controller extends REST_Controller {
 * @see REST_Controller::_delete($resource)
 */
 public function _delete($user) {
- if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
+ if (!user::active()->admin) {
 access::forbidden();
 }
 // Prevent CSRF
-- 
cgit v1.2.3
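Review bot: The new guard in `_delete` checks only the caller's role and places no limit on the target account, so in the visible lines an admin can delete the guest user or their own account, possibly the last admin. The rest of `_delete` continues below the hunk and may already cover this; if it does not, consider `if (!user::active()->admin || $user->guest || $user->id == user::active()->id) {`. The check also relies on `access::forbidden()` stopping execution rather than returning, which cannot be confirmed from this hunk. The docblock above `_delete` should state the restriction, e.g. `Admin only; any other caller is rejected via access::forbidden().`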