From 662dff046d7b287c380656a3c0302cd63736e753 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Fri, 18 Nov 2016 10:20:04 +0100
Subject: [PATCH] Adjust permission checks

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
---
 settings/Controller/UsersController.php | 14 ++++----------
 settings/templates/personal.php         | 12 ++++++------
 2 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/settings/Controller/UsersController.php b/settings/Controller/UsersController.php
index 41f3bac733d..fa97845dfba 100644
--- a/settings/Controller/UsersController.php
+++ b/settings/Controller/UsersController.php
@@ -502,8 +502,6 @@ class UsersController extends Controller {
 	}
 
 	/**
-	 * @todo add method description
-	 *
 	 * @NoAdminRequired
 	 * @NoSubadminRequired
 	 * @PasswordConfirmationRequired
@@ -673,6 +671,8 @@ class UsersController extends Controller {
 	 * @PasswordConfirmationRequired
 	 * @todo merge into saveUserSettings
 	 *
+	 * @NoAdminRequired
+	 *
 	 * @param string $username
 	 * @param string $displayName
 	 * @return DataResponse
@@ -681,14 +681,8 @@ class UsersController extends Controller {
 		$currentUser = $this->userSession->getUser();
 		$user = $this->userManager->get($username);
 
-		if ($user === null ||
-			!$user->canChangeDisplayName() ||
-			(
-				!$this->groupManager->isAdmin($currentUser->getUID()) &&
-				!$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) &&
-				$currentUser->getUID() !== $username
-
-			)
+		if (!$this->groupManager->isAdmin($currentUser->getUID()) &&
+				!$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user)
 		) {
 			return new DataResponse([
 				'status' => 'error',
diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index 519ffa273d9..f5050ab190e 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -114,7 +114,7 @@ if($_['displayNameChangeSupported']) {
 	<div class="personal-settings-setting-box">
 		<form id="addressform" class="section">
 			<h2>
-				<label for="address"><?php echo $l->t('Address'); ?></label>
+				<label for="address"><?php p($l->t('Address')); ?></label>
 				<span class="icon-password"/>
 			</h2>
 			<input type="text" id="address" name="address"
@@ -233,17 +233,17 @@ if($_['passwordChangeSupported']) {
 	<h2 class="inlineblock"><?php p($l->t('Password'));?></h2>
 	<div id="password-error-msg" class="msg success inlineblock" style="display: none;">Saved</div>
 	<br>
-	<label for="pass1" class="hidden-visually"><?php echo $l->t('Current password');?>: </label>
+	<label for="pass1" class="hidden-visually"><?php p($l->t('Current password')); ?>: </label>
 	<input type="password" id="pass1" name="oldpassword"
-		placeholder="<?php echo $l->t('Current password');?>"
+		placeholder="<?php p($l->t('Current password'));?>"
 		autocomplete="off" autocapitalize="off" autocorrect="off" />
-	<label for="pass2" class="hidden-visually"><?php echo $l->t('New password');?>: </label>
+	<label for="pass2" class="hidden-visually"><?php p($l->t('New password'));?>: </label>
 	<input type="password" id="pass2" name="newpassword"
-		placeholder="<?php echo $l->t('New password');?>"
+		placeholder="<?php p($l->t('New password')); ?>"
 		data-typetoggle="#personal-show"
 		autocomplete="off" autocapitalize="off" autocorrect="off" />
 	<input type="checkbox" id="personal-show" name="show" /><label for="personal-show" class="personal-show-label"></label>
-	<input id="passwordbutton" type="submit" value="<?php echo $l->t('Change password');?>" />
+	<input id="passwordbutton" type="submit" value="<?php p($l->t('Change password')); ?>" />
 	<br/>
 </form>
 <?php
-- 
2.39.5

