createUserAccountService(); $userAvatarService = $userServicesFactory->createUserAvatarService(); if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') { Router::redirect('admin'); return; } $uuid = trim((string) ($id ?? '')); if (!$userAvatarService->isValidUuid($uuid)) { Flash::error('User not found', 'admin', 'user_not_found'); Router::redirect('admin'); return; } $currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $userId = (int) ($user['id'] ?? 0); if ($userId > 0 && $currentUserId !== $userId && !directoryServicesFactory()->createDirectoryScopeGateway()->canAccess('users', $userId, $currentUserId)) { Router::redirect('error/forbidden'); return; } $userAvatarService->delete($uuid); Flash::success('Avatar removed', "admin/users/edit/{$uuid}", 'avatar_removed'); Router::redirect("admin/users/edit/{$uuid}");