diff options
| author | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2024-06-24 14:49:09 +0200 |
|---|---|---|
| committer | Andy Scherzinger <info@andy-scherzinger.de> | 2024-07-11 08:13:47 +0200 |
| commit | c7082d5fb825e913fff9441cfbc4e1380ee8249d (patch) | |
| tree | f93da71081cf6f22736ee5da1a56619e0427001a /apps/files_external | |
| parent | 127ea972bc4fac3d284034e81192a6fe79100586 (diff) | |
| download | nextcloud-server-c7082d5fb825e913fff9441cfbc4e1380ee8249d.tar.gz nextcloud-server-c7082d5fb825e913fff9441cfbc4e1380ee8249d.zip | |
fix: allows admin to edit global credentials
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
Diffstat (limited to 'apps/files_external')
| -rw-r--r-- | apps/files_external/lib/Controller/AjaxController.php | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/apps/files_external/lib/Controller/AjaxController.php b/apps/files_external/lib/Controller/AjaxController.php index a03243020e4..0e43ea38eec 100644 --- a/apps/files_external/lib/Controller/AjaxController.php +++ b/apps/files_external/lib/Controller/AjaxController.php @@ -106,15 +106,21 @@ class AjaxController extends Controller { */ public function saveGlobalCredentials($uid, $user, $password) { $currentUser = $this->userSession->getUser(); + if ($currentUser === null) { + return false; + } // Non-admins can only edit their own credentials - $allowedToEdit = ($currentUser->getUID() === $uid); + // Admin can edit global credentials + $allowedToEdit = $uid === '' + ? $this->groupManager->isAdmin($currentUser->getUID()) + : $currentUser->getUID() === $uid; if ($allowedToEdit) { $this->globalAuth->saveAuth($uid, $user, $password); return true; - } else { - return false; } + + return false; } } |