From d1c109a84f21770d1e51370b57b2f94e4f3cf758 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Mon, 17 Sep 2018 10:13:57 +0200
Subject: [PATCH] Missed this one.
---
 public/settings.php | 42 +++++++++++++++++++++++-------------------
 1 file changed, 23 insertions(+), 19 deletions(-)
diff --git a/public/settings.php b/public/settings.php
index 9b0022c1..dbfc4535 100644
--- a/public/settings.php
+++ b/public/settings.php
@@ -77,29 +77,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $settingsErrors[] = $csrfErrorString;
 } else {
 if (!empty($_POST['profile']) && is_array($_POST['profile'])) {
- $setUserFieldErrors = user_profile_fields_set($app->getUserId(), $_POST['profile']);
+ if (!$perms['edit_profile']) {
+ $settingsErrors[] = "You're not allowed to edit your profile.";
+ } else {
+ $setUserFieldErrors = user_profile_fields_set($app->getUserId(), $_POST['profile']);
- if (count($setUserFieldErrors) > 0) {
- foreach ($setUserFieldErrors as $name => $error) {
- switch ($error) {
- case MSZ_USER_PROFILE_INVALID_FIELD:
- $settingsErrors[] = sprintf("Field '%s' does not exist!", $name);
- break;
+ if (count($setUserFieldErrors) > 0) {
+ foreach ($setUserFieldErrors as $name => $error) {
+ switch ($error) {
+ case MSZ_USER_PROFILE_INVALID_FIELD:
+ $settingsErrors[] = sprintf("Field '%s' does not exist!", $name);
+ break;
- case MSZ_USER_PROFILE_FILTER_FAILED:
- $settingsErrors[] = sprintf(
- '%s field was invalid!',
- user_profile_field_get_display_name($name)
- );
- break;
+ case MSZ_USER_PROFILE_FILTER_FAILED:
+ $settingsErrors[] = sprintf(
+ '%s field was invalid!',
+ user_profile_field_get_display_name($name)
+ );
+ break;
- case MSZ_USER_PROFILE_UPDATE_FAILED:
- $settingsErrors[] = 'Failed to update values, contact an administator.';
- break;
+ case MSZ_USER_PROFILE_UPDATE_FAILED:
+ $settingsErrors[] = 'Failed to update values, contact an administator.';
+ break;
- default:
- $settingsErrors[] = 'An unexpected error occurred, contact an administator.';
- break;
+ default:
+ $settingsErrors[] = 'An unexpected error occurred, contact an administator.';
+ break;
+ }
 }
 }
 }
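Review bot: The new `$perms['edit_profile']` check guards only this call site; as far as the hunk shows, `user_profile_fields_set()` itself performs no authorization, and the commit subject suggests this path was already overlooked once, which is the usual failure mode of per-handler permission checks. Consider a comment above the check such as `// Authorization is enforced here, not inside user_profile_fields_set(); any other caller must check edit_profile itself.`, or moving the check into a shared helper that every write path goes through. `$perms` is populated outside the hunk, so confirm it is derived from the same session user as `$app->getUserId()`; as written a missing `edit_profile` key denies the edit, but it also raises a notice or warning. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block starts and ends outside the hunk.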