From dc2fb05c7fb277d0d7d36d6ecf30e06011f4a158 Mon Sep 17 00:00:00 2001
From: Toby Zerner
Date: Thu, 13 Aug 2015 12:59:40 +0930
Subject: [PATCH] Fix avatar uploading permissions closes flarum/core#230
---
 .../core/src/Core/Users/Commands/DeleteAvatarHandler.php | 4 +++-
 .../core/src/Core/Users/Commands/UploadAvatarHandler.php | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/framework/core/src/Core/Users/Commands/DeleteAvatarHandler.php b/framework/core/src/Core/Users/Commands/DeleteAvatarHandler.php
index 941123cf4..a06429572 100644
--- a/framework/core/src/Core/Users/Commands/DeleteAvatarHandler.php
+++ b/framework/core/src/Core/Users/Commands/DeleteAvatarHandler.php
@@ -42,7 +42,9 @@ class DeleteAvatarHandler
 // Make sure the current user is allowed to edit the user profile.
 // This will let admins and the user themselves pass through, and
 // throw an exception otherwise.
- $user->assertCan($actor, 'edit');
+ if ($actor->id !== $user->id) {
+ $user->assertCan($actor, 'edit');
+ }
 $avatarPath = $user->avatar_path;
 $user->changeAvatarPath(null);
diff --git a/framework/core/src/Core/Users/Commands/UploadAvatarHandler.php b/framework/core/src/Core/Users/Commands/UploadAvatarHandler.php
index aabb08b64..754042ddb 100644
--- a/framework/core/src/Core/Users/Commands/UploadAvatarHandler.php
+++ b/framework/core/src/Core/Users/Commands/UploadAvatarHandler.php
@@ -48,7 +48,9 @@ class UploadAvatarHandler
 // Make sure the current user is allowed to edit the user profile.
 // This will let admins and the user themselves pass through, and
 // throw an exception otherwise.
- $user->assertCan($actor, 'edit');
+ if ($actor->id !== $user->id) {
+ $user->assertCan($actor, 'edit');
+ }
 $tmpFile = tempnam(sys_get_temp_dir(), 'avatar');
 $command->file->moveTo($tmpFile);
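Review bot: The added `if ($actor->id !== $user->id)` guard in DeleteAvatarHandler, repeated unchanged in the UploadAvatarHandler hunk, skips `assertCan` entirely for the profile owner, so whatever conditions the `edit` permission checks (not visible in this patch) no longer apply to a user changing their own avatar. If that is intended, the context comment above the guard should say so, since it still attributes the owner's pass-through to the permission check: `// The profile owner may always change their own avatar; anyone else needs the 'edit' permission.` Because the comparison is strict, an id that arrives as an int on one side and a string on the other would fall through to `assertCan`, which fails closed but would bring back the bug this commit closes, so it is worth confirming both ids are cast the same way. Keeping the same bypass inline in two handlers also moves the authorization decision out of the permission layer; a single rule there would stop the two call sites from drifting apart. Both method bodies start and end outside their hunks.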