fix secure issue with user data export

src/MicroweberPackages/User/helpers/api_user.php

@@ -65,7 +65,7 @@
 
 api_expose_admin('users/search_authors', function ($params = false) {
 
-    $return = array(); 
+    $return = array();
 
     $kw = false;
     if (isset($params['kw'])) {

src/MicroweberPackages/User/routes/api.php

@@ -17,6 +17,17 @@
 
     $userId = (int) $request->all()['user_id'];
 
+    $allowToExport = false;
+    if ($userId == user_id()) {
+        $allowToExport = true;
+    } else if (is_admin()) {
+        $allowToExport = true;
+    }
+
+    if ($allowToExport == false) {
+        return array('error' => 'You are now allowed to export this information.');
+    }
+
     $exportFromTables = [];
     $prefix = mw()->database_manager->get_prefix();
     $tablesList = mw()->database_manager->get_tables_list(true);