diff --git a/framework/core/src/Core/Users/Commands/DeleteAvatarHandler.php b/framework/core/src/Core/Users/Commands/DeleteAvatarHandler.php
index 941123cf4..a06429572 100644
--- a/framework/core/src/Core/Users/Commands/DeleteAvatarHandler.php
+++ b/framework/core/src/Core/Users/Commands/DeleteAvatarHandler.php
@@ -42,7 +42,9 @@ class DeleteAvatarHandler
 // Make sure the current user is allowed to edit the user profile.
 // This will let admins and the user themselves pass through, and
 // throw an exception otherwise.
- $user->assertCan($actor, 'edit');
+ if ($actor->id !== $user->id) {
+ $user->assertCan($actor, 'edit');
+ }
 $avatarPath = $user->avatar_path;
 $user->changeAvatarPath(null);
diff --git a/framework/core/src/Core/Users/Commands/UploadAvatarHandler.php b/framework/core/src/Core/Users/Commands/UploadAvatarHandler.php
index aabb08b64..754042ddb 100644
--- a/framework/core/src/Core/Users/Commands/UploadAvatarHandler.php
+++ b/framework/core/src/Core/Users/Commands/UploadAvatarHandler.php
@@ -48,7 +48,9 @@ class UploadAvatarHandler
 // Make sure the current user is allowed to edit the user profile.
 // This will let admins and the user themselves pass through, and
 // throw an exception otherwise.
- $user->assertCan($actor, 'edit');
+ if ($actor->id !== $user->id) {
+ $user->assertCan($actor, 'edit');
+ }
 $tmpFile = tempnam(sys_get_temp_dir(), 'avatar');
 $command->file->moveTo($tmpFile);
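Review bot: The new guard `if ($actor->id !== $user->id)` in DeleteAvatarHandler skips `assertCan` altogether when the ids match, so any rule in the 'edit' policy that would deny a user acting on their own profile is no longer consulted. The identical guard in the UploadAvatarHandler hunk has the same effect in front of a file upload. The comparison is also false when both ids are null, which would skip the check. How `$actor` and `$user` are loaded is outside both hunks, so either confirm neither can lack an id or fail closed with `if ($actor->id === null || $actor->id !== $user->id) {`. The comment above the guard still credits `assertCan` with letting the user through and should say something like `// Users may always change their own avatar; anyone else needs the 'edit' permission.`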