Validate that a user can see another user's page

src/controllers/user_controller.rs

@@ -50,6 +50,9 @@ pub fn get_multiple(request: &mut HttpRequestHandler) -> RequestResult {
 pub fn get_advanced_info(request: &mut HttpRequestHandler) -> RequestResult {
     let user_id = request.post_user_id("userID")?;
 
+    if !user_helper::can_see_user_page(request.user_id_opt().unwrap_or(0), user_id)? {
+        request.forbidden("You are not allowed to see this user page!".to_string())?;
+    }
 
     request.success("get user info")
 }