From 804e74a3d74f004c2cb57fce09fd86c093e296cf Mon Sep 17 00:00:00 2001
From: tonis
Date: Fri, 8 Mar 2024 09:29:23 +0200
Subject: [PATCH] added option to disable viewing any other user's profile for non-admin users

---
 src/User/Controller/ProfileController.php | 12 ++++++++++++
 src/User/Module.php | 4 ++++
 2 files changed, 16 insertions(+)

diff --git a/src/User/Controller/ProfileController.php b/src/User/Controller/ProfileController.php
index 2e99fe1..2a9e66b 100644
--- a/src/User/Controller/ProfileController.php
+++ b/src/User/Controller/ProfileController.php
@@ -11,15 +11,20 @@ namespace Da\User\Controller;
+use Da\User\Model\User;
 use Da\User\Query\ProfileQuery;
+use Da\User\Traits\ModuleAwareTrait;
 use Yii;
 use yii\base\Module;
 use yii\filters\AccessControl;
 use yii\web\Controller;
+use yii\web\ForbiddenHttpException;
 use yii\web\NotFoundHttpException;
 class ProfileController extends Controller
 {
+    use ModuleAwareTrait;
+
     protected $profileQuery;
     /**
@@ -67,6 +72,13 @@ class ProfileController extends Controller
     public function actionShow($id)
     {
+        $user = Yii::$app->user;
+        /** @var User $identity */
+        $identity = $user->getIdentity();
+        if($user->getId() != $id && $this->module->disableProfileViewsForRegularUsers && !$identity->getIsAdmin()) {
+            throw new ForbiddenHttpException();
+        }
+
         $profile = $this->profileQuery->whereUserId($id)->one();
         if ($profile === null) {
diff --git a/src/User/Module.php b/src/User/Module.php
index d8b4e03..a27360b 100755
--- a/src/User/Module.php
+++ b/src/User/Module.php
@@ -241,6 +241,10 @@ class Module extends BaseModule
      * @var boolean whether to disable IP logging into user table
      */
     public $disableIpLogging = false;
+    /**
+     * @var boolean whether to disable viewing any user's profile for non-admin users
+     */
+    public $disableProfileViewsForRegularUsers = false;
     /**
      * @var array Minimum requirements when a new password is automatically generated.
      * Array structure: `requirement => minimum number characters`.
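Review bot: The `use ModuleAwareTrait;` added inside `ProfileController` looks redundant for what this change needs: `yii\base\Controller` already declares a public `$module` property holding the module that owns the controller, and a property access such as `$this->module` resolves to that property rather than to a trait getter, so the trait's accessor is presumably never reached from this controller. If the trait is kept for another reason, a one-line comment on the `use` line saying why would help; otherwise drop both the import and the `use ModuleAwareTrait;` line. The `use Da\User\Model\User;` import only serves a `@var` annotation in the next hunk, which is fine.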
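Review bot: The added check in `actionShow` dereferences `$identity` with no null guard: `Yii::$app->user->getIdentity()` returns null for a guest, and a guest's `getId()` is null, so `$user->getId() != $id` is true and, with the option enabled, evaluation reaches `$identity->getIsAdmin()` on null — an uncaught Error (HTTP 500) instead of the intended `ForbiddenHttpException`. Whether guests can reach `actionShow` depends on the `AccessControl` rules in `behaviors()`, which are outside this hunk; if they can, the guard is required for the option to fail closed. Two smaller points: `!=` between the identity id and the route `$id` is a loose comparison (and PSR-12 wants a space after `if`), and a per-request policy like this is more conventionally expressed as an `AccessControl` rule with a `matchCallback`, so the filter enforces it before the action body runs. A rewrite of the added lines is below; the body of `actionShow` continues past the hunk.
```php
    public function actionShow($id)
    {
        $user = Yii::$app->user;
        // The option only restricts other users' profiles; a guest has no id, so it is never "own".
        if ($this->module->disableProfileViewsForRegularUsers && (string) $user->getId() !== (string) $id) {
            /** @var User|null $identity */
            $identity = $user->getIdentity();
            if ($identity === null || !$identity->getIsAdmin()) {
                throw new ForbiddenHttpException();
            }
        }

        // … unchanged: profile lookup and 404 handling …
```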
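Review bot: The new docblock says the option disables viewing "any user's profile", but the check it drives in `ProfileController::actionShow` only applies when the requested id differs from the caller's own, so a regular user can still open their own profile — the commit subject itself says "any other user's". Suggest `@var boolean whether to forbid non-admin users from viewing other users' profiles (a user can still view their own)`. Keeping `boolean` matches the neighbouring `$disableIpLogging` annotation, even though `bool` is the modern spelling.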