From e0ca5ea2ff8dc38a706e4a4d403f4579be038dec Mon Sep 17 00:00:00 2001
From: Alias Qli <2576814881@qq.com>
Date: Fri, 22 Jul 2022 00:57:56 +0800
Subject: [PATCH] Check authorisation

---
 src/Distribution/Server/Features/UserDetails.hs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Distribution/Server/Features/UserDetails.hs b/src/Distribution/Server/Features/UserDetails.hs
index 04b5e750a..6240e9e8c 100644
--- a/src/Distribution/Server/Features/UserDetails.hs
+++ b/src/Distribution/Server/Features/UserDetails.hs
@@ -330,6 +330,7 @@ userDetailsFeature templates userDetailsState UserFeature{..} CoreFeature{..} Up
     handlerGetUserNameContactHtml :: DynamicPath -> ServerPartE Response
     handlerGetUserNameContactHtml dpath = do
       (uid, uinfo) <- lookupUserNameFull =<< userNameInPath dpath
+      guardAuthorised_ [IsUserId uid, InGroup adminGroup]
       template <- getTemplate templates "user-details-form.html"
       udetails <- queryUserDetails uid
       showConfirmationOfSave <- not . null <$> queryString (lookBSs "showConfirmationOfSave")