Disallow users to delete their own accounts

diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php
index 6b11fa5c4fb548e707f9e8ad3657dca699899f8e..1e3cd2993b01088e9fc227eb90feb307c01a7635 100644 (file)
--- a/settings/ajax/removeuser.php
+++ b/settings/ajax/removeuser.php
@@ -8,6 +8,11 @@ OCP\JSON::callCheck();
 
 $username = $_POST["username"];
 
+// A user shouldn't be able to delete his own account
+if(OC_User::getUser() === $username) {
+       exit;
+}
+
 if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
        $l = OC_L10N::get('core');
        OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
@@ -20,4 +25,4 @@ if( OC_User::deleteUser( $username )) {
 }
 else{
        OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") )));
-}
+}
\ No newline at end of file