From adc442232398b95825e0559c894b2b0925514aba Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 15 Jan 2019 17:57:30 +0100
Subject: [PATCH] Update card.php

---
 htdocs/user/card.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index bb3d7e7d8f6..6db383ed515 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -85,7 +85,9 @@ if ($user->societe_id > 0) $socid = $user->societe_id;
 $feature2='user';
 if ($user->id == $id) { $feature2=''; $canreaduser=1; } // A user can always read its own card
 
-$result = restrictedArea($user, 'user', $id, 'user&user', $feature2);
+if (! $canreaduser) {
+	$result = restrictedArea($user, 'user', $id, 'user&user', $feature2);
+}
 
 if ($user->id <> $id && ! $canreaduser) accessforbidden();