correct permissions on user pages

controllers/UsersController.inc

@@ -67,6 +67,7 @@
 		 * Show a user and its details.
 		 * 
 		 * @throws	IdNotFoundException
+		 * @throws	AccessDeniedException
 		 * @param	string	$userUrl	URL-Username of an user
 		 */
 		public function user($userUrl)
@@ -74,6 +75,11 @@
 			// Get user
 			$user = $this->Users->getUserByUrl($userUrl);
 			
+			// Check permissions
+			if(count(array_intersect(array('admin','moderator'), \hhu\z\controllers\IntermediateController::$user['roles'])) == 0 && $user['id'] != IntermediateController::$user['id']) {
+				throw new \nre\exceptions\AccessDeniedException();
+			}
+			
 			// Get Characters
 			$characters = $this->Characters->getCharactersForUser($user['id']);
 			

views/html/users/user.tpl

@@ -1,9 +1,11 @@
 <h1><?=_('Users')?></h1>
 <h2><?=$user['username']?></h2>
+<?php if(count(array_intersect(array('admin','moderator'),\hhu\z\controllers\IntermediateController::$user['roles'])) > 0) : ?>
 <nav>
 	<li><a href="<?=$linker->link('edit', 3)?>"><?=_('Edit user')?></a></li>
 	<li><a href="<?=$linker->link('delete', 3)?>"><?=_('Delete user')?></a></li>
 </nav>
+<?php endif ?>
 <p>
 	<?=sprintf(_('registered on %s'), $dateFormatter->format(new \DateTime($user['created'])))?>
 </p>