From 0508c99b43ab03025a26f43e2ad0506445cec553 Mon Sep 17 00:00:00 2001
From: Luka Vandervelden
Date: Fri, 2 Oct 2020 22:03:07 +0200
Subject: [PATCH] More precise permission checking during EditProfile requests.

---
 src/main.cr | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main.cr b/src/main.cr
index c3c7a4d..cacf516 100644
--- a/src/main.cr
+++ b/src/main.cr
@@ -432,8 +432,10 @@ class AuthD::Service
 new_profile = request.new_profile
+ profile = user.profile || Hash(String, JSON::Any).new
+
 @read_only_profile_keys.each do |key|
- if new_profile.has_key? key
+ if new_profile[key]? != profile[key]?
 return Response::Error.new "tried to edit read only key"
 end
 end
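Review bot: The new comparison `new_profile[key]? != profile[key]?` does not distinguish a key that is absent from one that is present with a JSON null, so a request may be able to introduce a read-only key with a null value when the stored profile lacks it. This depends on how `JSON::Any` compares with `nil`, which is worth pinning with a test. Comparing presence as well closes that case whatever the equality semantics are: `if new_profile.has_key?(key) != profile.has_key?(key) || new_profile[key]? != profile[key]?`. A request that omits a read-only key the user already holds is now rejected too, which is the right outcome only if the code after the loop replaces the whole profile rather than merging into it. That code is outside the hunk, so a short comment above the loop stating the intended contract ("read-only keys must be resent unchanged") would help.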