From: Lukas Reschke <lukas@statuscode.ch>
Date: Wed, 10 Oct 2012 16:05:34 +0000 (+0200)
Subject: Disallow users to delete their own accounts
X-Git-Tag: v5.0.0alpha1~823
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=2f4b1b0e4c52b1685642513482a697f9ab1e5fc1;p=nextcloud-server.git

Disallow users to delete their own accounts
---

diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php
index 6b11fa5c4fb..1e3cd2993b0 100644
--- a/settings/ajax/removeuser.php
+++ b/settings/ajax/removeuser.php
@@ -8,6 +8,11 @@ OCP\JSON::callCheck();
 
 $username = $_POST["username"];
 
+// A user shouldn't be able to delete his own account
+if(OC_User::getUser() === $username) {
+	exit;
+}
+
 if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
 	$l = OC_L10N::get('core');
 	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
@@ -20,4 +25,4 @@ if( OC_User::deleteUser( $username )) {
 }
 else{
 	OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") )));
-}
+}
\ No newline at end of file