DataObjects/Core_person_settings.php

diff --git a/DataObjects/Core_person_settings.php b/DataObjects/Core_person_settings.php
index 1005ea5..0dd1ac7 100644 (file)
--- a/DataObjects/Core_person_settings.php
+++ b/DataObjects/Core_person_settings.php
@@ -29,4 +29,14 @@ class Pman_Core_DataObjects_Core_person_settings extends DB_DataObject
         
     }
     
+    function beforeUpdate($old, $q, $roo)
+    {
+        if(
+                !$roo->authUser ||
+                (!empty($this->person_id) && $this->person_id != $roo->authUser->id)
+        ) {
+            $roo->jerr('Access Dennied');
+        }
+    }
+    
  }