From 14ff8916b48964fa9b7e0f48d09ba3938034f4cb Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Mon, 22 Sep 2025 21:37:47 -0600
Subject: [PATCH] Update user_edit.php

---
 core/users/user_edit.php | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/core/users/user_edit.php b/core/users/user_edit.php
index 5cc43ac196..e1758fb3bb 100644
--- a/core/users/user_edit.php
+++ b/core/users/user_edit.php
@@ -29,17 +29,18 @@
 require_once dirname(__DIR__, 2) . "/resources/require.php";
 require_once "resources/check_auth.php";
 
+//check permissions
+ if (!permission_exists('user_view') && !permission_exists('user_add') && !permission_exists('user_edit')) {
+ echo "access denied";
+ exit;
+ }
+
 //add multi-lingual support
 $language = new text;
 $text = $language->get();
 
-//create a single database object
- $database = new database;
- $database->app_name = 'users';
- $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
-
 //get user uuid
- if (!empty($_REQUEST["id"]) && ((is_uuid($_REQUEST["id"]) && permission_exists('user_edit')) || (is_uuid($_REQUEST["id"]) && $_REQUEST["id"] == $_SESSION['user_uuid']))) {
+ if (permission_exists('user_edit') && !empty($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {
 $user_uuid = $_REQUEST["id"];
 $action = 'edit';
 }
@@ -47,11 +48,6 @@
 $user_uuid = uuid();
 $action = 'add';
 }
- else {
- // load users own account
- header("Location: user_edit.php?id=".urlencode($_SESSION['user_uuid']));
- exit;
- }
 
 //get total user count from the database, check limit, if defined
 if (permission_exists('user_add') && $action == 'add' && !empty($_SESSION['limit']['users']['numeric'])) {
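Review bot: The new gate at the top of the first hunk admits a session that holds only `user_view`, yet the `id` branch below it now requires `user_edit`, so such a request can continue into the rest of the script with neither `$user_uuid` nor `$action` assigned. The second hunk removes the closing `else` that used to redirect and `exit`, and the last visible line already reads `$action`; the branch header between the two hunks is not shown, so this assumes it tests `user_add`. Fail closed by ending the chain with `else { echo "access denied"; exit; }`, or drop `user_view` from the gate if this page has no read-only mode. The first hunk also deletes the local `$database` object, so confirm that any later use of `$database` in this file is covered by the included `require.php`.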