mirror of
https://github.com/nextcloud/server.git
synced 2024-07-26 06:14:59 +02:00
Merge pull request #46073 from nextcloud/fix/save_global_credentials
This commit is contained in:
commit
369c552e41
@ -84,15 +84,21 @@ class AjaxController extends Controller {
|
||||
*/
|
||||
public function saveGlobalCredentials($uid, $user, $password) {
|
||||
$currentUser = $this->userSession->getUser();
|
||||
if ($currentUser === null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Non-admins can only edit their own credentials
|
||||
$allowedToEdit = ($currentUser->getUID() === $uid);
|
||||
// Admin can edit global credentials
|
||||
$allowedToEdit = $uid === ''
|
||||
? $this->groupManager->isAdmin($currentUser->getUID())
|
||||
: $currentUser->getUID() === $uid;
|
||||
|
||||
if ($allowedToEdit) {
|
||||
$this->globalAuth->saveAuth($uid, $user, $password);
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user