From ef6e1d16bf0e6be3dde6f28d645a10fd89f0de6b Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Wed, 12 Aug 2009 16:02:26 +0200
Subject: Allow a usermod to browse a users' list even when it's hidden

To make sure we can still see a troll if he marks his list as hidden.
Only admins have this usermod privilege, and admins are assumed to have
raw SQL access anyway.
---
 lib/VNDB/Handler/ULists.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/VNDB/Handler/ULists.pm')

diff --git a/lib/VNDB/Handler/ULists.pm b/lib/VNDB/Handler/ULists.pm
index 05b1f60f..2d8e0e0d 100644
--- a/lib/VNDB/Handler/ULists.pm
+++ b/lib/VNDB/Handler/ULists.pm
@@ -99,7 +99,7 @@ sub wishlist {
 
   my $own = $self->authInfo->{id} && $self->authInfo->{id} == $uid;
   my $u = $self->dbUserGet(uid => $uid)->[0];
-  return 404 if !$u || !$own && !$u->{show_list};
+  return 404 if !$u || !$own && !($u->{show_list} || $self->authCan('usermod'));
 
   my $f = $self->formValidate(
     { name => 'p', required => 0, default => 1, template => 'int' },
@@ -198,7 +198,7 @@ sub vnlist {
 
   my $own = $self->authInfo->{id} && $self->authInfo->{id} == $uid;
   my $u = $self->dbUserGet(uid => $uid)->[0];
-  return 404 if !$u || !$own && !$u->{show_list};
+  return 404 if !$u || !$own && !($u->{show_list} || $self->authCan('usermod'));
 
   my $f = $self->formValidate(
     { name => 'p',  required => 0, default => 1, template => 'int' },
-- 
cgit v1.2.3