correct permissions on user pages

controllers/UsersController.inc

@@ -67,6 +67,7 @@
 		 * Show a user and its details.
 		 * 
 		 * @throws	IdNotFoundException
+		 * @throws	AccessDeniedException
 		 * @param	string	$userUrl	URL-Username of an user
 		 */
 		public function user($userUrl)
@@ -74,6 +75,11 @@
 			// Get user
 			$user = $this->Users->getUserByUrl($userUrl);
 			
+			// Check permissions
+			if(count(array_intersect(array('admin','moderator'), \hhu\z\controllers\IntermediateController::$user['roles'])) == 0 && $user['id'] != IntermediateController::$user['id']) {
+				throw new \nre\exceptions\AccessDeniedException();
+			}
+			
 			// Get Characters
 			$characters = $this->Characters->getCharactersForUser($user['id']);