From ee34e6361d776cfc28a27c88f8033f2f55a6fbed Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 17 Jun 2024 12:08:36 +0200
Subject: [PATCH] Also check that the current user has the right to upload file
 attachments

---
 .../system/attachment/SignatureAttachmentObjectType.class.php  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/system/attachment/SignatureAttachmentObjectType.class.php b/wcfsetup/install/files/lib/system/attachment/SignatureAttachmentObjectType.class.php
index c90f73b5986..302a352af6b 100644
--- a/wcfsetup/install/files/lib/system/attachment/SignatureAttachmentObjectType.class.php
+++ b/wcfsetup/install/files/lib/system/attachment/SignatureAttachmentObjectType.class.php
@@ -173,6 +173,7 @@ private function canAddUser(): bool
     private function canEditUser(UserProfile $userProfile): bool
     {
         return WCF::getSession()->getPermission('admin.user.canEditUser')
-            && UserGroup::isAccessibleGroup($userProfile->getGroupIDs());
+            && UserGroup::isAccessibleGroup($userProfile->getGroupIDs())
+            && WCF::getSession()->getPermission('user.signature.attachment.canUpload');
     }
 }