author | Joas Schilling <coding@schilljs.com> | 2017-06-02 10:09:42 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2017-06-02 10:09:42 +0200 |
commit | 0e26ba4c2adec21de3b5239a646bb4dbde44b2f4 (patch) | |
tree | aa0f6d2507ebfb31a32f9c67868f7011f5cba7a7 /apps/provisioning_api/lib | |
parent | 8801b68d45443f9b4abd001bd6e804a32390d12f (diff) | |
Don't allow the user to set fields they can't see
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps/provisioning_api/lib')
-rw-r--r-- | apps/provisioning_api/lib/Controller/UsersController.php | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 6e34fe53eb3..132727eecbd 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -32,6 +32,7 @@ namespace OCA\Provisioning_API\Controller;
 use OC\Accounts\AccountManager;
 use OC\Settings\Mailer\NewUserMailHelper;
 use OC_Helper;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSException;
 use OCP\AppFramework\OCS\OCSForbiddenException;
@@ -52,6 +53,8 @@ class UsersController extends OCSController {
 private $userManager;
 /** @var IConfig */
 private $config;
+ /** @var IAppManager */
+ private $appManager;
 /** @var IGroupManager|\OC\Group\Manager */ // FIXME Requires a method that is not on the interface
 private $groupManager;
 /** @var IUserSession */
@@ -70,6 +73,7 @@ class UsersController extends OCSController {
 * @param IRequest $request
 * @param IUserManager $userManager
 * @param IConfig $config
+ * @param IAppManager $appManager
 * @param IGroupManager $groupManager
 * @param IUserSession $userSession
 * @param AccountManager $accountManager
@@ -81,6 +85,7 @@ class UsersController extends OCSController {
 IRequest $request,
 IUserManager $userManager,
 IConfig $config,
+ IAppManager $appManager,
 IGroupManager $groupManager,
 IUserSession $userSession,
 AccountManager $accountManager,
@@ -91,6 +96,7 @@ class UsersController extends OCSController {
 $this->userManager = $userManager;
 $this->config = $config;
+ $this->appManager = $appManager;
 $this->groupManager = $groupManager;
 $this->userSession = $userSession;
 $this->accountManager = $accountManager;
@@ -309,14 +315,25 @@ class UsersController extends OCSController { $permittedFields = []; if($targetUser->getUID() === $currentLoggedInUser->getUID()) { // Editing self (display, email) - $permittedFields[] = 'display'; - $permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME; - $permittedFields[] = AccountManager::PROPERTY_EMAIL; + if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) { + $permittedFields[] = 'display'; + $permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME; + $permittedFields[] = AccountManager::PROPERTY_EMAIL; + } + $permittedFields[] = 'password'; - $permittedFields[] = AccountManager::PROPERTY_PHONE; - $permittedFields[] = AccountManager::PROPERTY_ADDRESS; - $permittedFields[] = AccountManager::PROPERTY_WEBSITE; - $permittedFields[] = AccountManager::PROPERTY_TWITTER; + + if ($this->appManager->isEnabledForUser('federatedfilesharing')) { + $federatedFileSharing = new \OCA\FederatedFileSharing\AppInfo\Application(); + $shareProvider = $federatedFileSharing->getFederatedShareProvider(); + if ($shareProvider->isLookupServerUploadEnabled()) { + $permittedFields[] = AccountManager::PROPERTY_PHONE; + $permittedFields[] = AccountManager::PROPERTY_ADDRESS; + $permittedFields[] = AccountManager::PROPERTY_WEBSITE; + $permittedFields[] = AccountManager::PROPERTY_TWITTER; + } + } + // If admin they can edit their own quota if($this->groupManager->isAdmin($currentLoggedInUser->getUID())) { $permittedFields[] = 'quota'; |
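Review bot: The self-edit branch now refuses `AccountManager::PROPERTY_EMAIL` whenever `allow_user_to_change_display_name` is false, and nothing at the added `if` says that the e-mail address is meant to follow the display-name switch. An administrator who only wants to lock display names also locks e-mail changes through this API. If that mirrors what the personal settings page hides, as the commit title suggests, a comment such as `// E-mail is hidden together with the display name in the personal settings, so both follow this switch` would record the intent; otherwise the e-mail line belongs outside the `if`. Separately, `new \OCA\FederatedFileSharing\AppInfo\Application()` is constructed inside the controller, so the lookup-server branch cannot be unit-tested without the real app; receiving the provider through the constructor would allow a test that phone, address, website and twitter are rejected when upload is disabled. The enclosing method starts and ends outside the hunk.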