author | Lukas Reschke <lukas@statuscode.ch> | 2016-11-18 10:20:04 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2016-11-21 11:30:00 +0100 |
commit | 662dff046d7b287c380656a3c0302cd63736e753 (patch) | |
tree | e8a8079c377ea289e76db7479899a45d7b3d015a | |
parent | fb91bf6a5b55fa39414add74f86f3f5af21b6552 (diff) | |
Adjust permission checks
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
-rw-r--r-- | settings/Controller/UsersController.php | 14 | ||||
-rw-r--r-- | settings/templates/personal.php | 12 |
2 files changed, 10 insertions, 16 deletions
diff --git a/settings/Controller/UsersController.php b/settings/Controller/UsersController.php
index 41f3bac733d..fa97845dfba 100644
--- a/settings/Controller/UsersController.php
+++ b/settings/Controller/UsersController.php
@@ -502,8 +502,6 @@ class UsersController extends Controller {
 }
 /**
- * @todo add method description
- *
 * @NoAdminRequired
 * @NoSubadminRequired
 * @PasswordConfirmationRequired
@@ -673,6 +671,8 @@ class UsersController extends Controller {
 * @PasswordConfirmationRequired
 * @todo merge into saveUserSettings
 *
+ * @NoAdminRequired
+ *
 * @param string $username
 * @param string $displayName
 * @return DataResponse
@@ -681,14 +681,8 @@ class UsersController extends Controller {
 $currentUser = $this->userSession->getUser();
 $user = $this->userManager->get($username);
- if ($user === null ||
- !$user->canChangeDisplayName() ||
- (
- !$this->groupManager->isAdmin($currentUser->getUID()) &&
- !$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) &&
- $currentUser->getUID() !== $username
-
- )
+ if (!$this->groupManager->isAdmin($currentUser->getUID()) &&
+ !$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user)
 ) {
 return new DataResponse([
 'status' => 'error',
diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index 519ffa273d9..f5050ab190e 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -114,7 +114,7 @@ if($_['displayNameChangeSupported']) {
 <div class="personal-settings-setting-box">
 <form id="addressform" class="section">
 <h2>
- <label for="address"><?php echo $l->t('Address'); ?></label>
+ <label for="address"><?php p($l->t('Address')); ?></label>
 <span class="icon-password"/>
 </h2>
 <input type="text" id="address" name="address"
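Review bot: In the `-681,14 +681,8` hunk of UsersController.php, `$user` is no longer tested for null before it is passed to `isUserAccessible($currentUser, $user)`, so an unknown `$username` reaches the sub-admin check (and, for an admin caller, whatever follows the guard) with a null user; keeping `$user === null ||` at the head of the condition would restore the early error response. The `canChangeDisplayName()` test and the `$currentUser->getUID() !== $username` own-account exception are dropped in the same edit, and because the docblock now carries `@NoAdminRequired` this condition is presumably the only authorization gate left on the action. The method body continues outside the hunk, so confirm whether backend support and the own-account case are handled further down. If they are, a comment above the condition such as `// only admins and sub-admins responsible for $user may rename; self-service is handled below` would make the intent auditable.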
@@ -233,17 +233,17 @@ if($_['passwordChangeSupported']) { <h2 class="inlineblock"><?php p($l->t('Password'));?></h2> <div id="password-error-msg" class="msg success inlineblock" style="display: none;">Saved</div> <br> - <label for="pass1" class="hidden-visually"><?php echo $l->t('Current password');?>: </label> + <label for="pass1" class="hidden-visually"><?php p($l->t('Current password')); ?>: </label> <input type="password" id="pass1" name="oldpassword" - placeholder="<?php echo $l->t('Current password');?>" + placeholder="<?php p($l->t('Current password'));?>" autocomplete="off" autocapitalize="off" autocorrect="off" /> - <label for="pass2" class="hidden-visually"><?php echo $l->t('New password');?>: </label> + <label for="pass2" class="hidden-visually"><?php p($l->t('New password'));?>: </label> <input type="password" id="pass2" name="newpassword" - placeholder="<?php echo $l->t('New password');?>" + placeholder="<?php p($l->t('New password')); ?>" data-typetoggle="#personal-show" autocomplete="off" autocapitalize="off" autocorrect="off" /> <input type="checkbox" id="personal-show" name="show" /><label for="personal-show" class="personal-show-label"></label> - <input id="passwordbutton" type="submit" value="<?php echo $l->t('Change password');?>" /> + <input id="passwordbutton" type="submit" value="<?php p($l->t('Change password')); ?>" /> <br/> </form> <?php |
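Review bot: The converted lines in this hunk close the PHP tag in two different ways: the `pass1` placeholder and the `pass2` label end in `'));?>`, while the other three use `')); ?>`. Settling on one form, for example `placeholder="<?php p($l->t('Current password')); ?>"`, keeps the template easy to grep when auditing for remaining unescaped `echo` output. The surrounding `<form>` starts and ends outside the hunk, so other `echo $l->t(...)` calls in the file may still need the same conversion.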