summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@arthur-schiwon.de>2023-09-07 12:58:40 +0200
committerGitHub <noreply@github.com>2023-09-07 12:58:40 +0200
commit65485582677e82ad606c56e2edaff4d7c1999866 (patch)
treec445b1e90481919d6280ca3b63baf4ad160f69de /apps
parentea48ef590593a4a0e252866e0171d9c378feeb86 (diff)
parentd4bc489de10de6c5a731ff660d7b7edf4913510b (diff)
downloadnextcloud-server-65485582677e82ad606c56e2edaff4d7c1999866.tar.gz
nextcloud-server-65485582677e82ad606c56e2edaff4d7c1999866.zip
Merge pull request #40271 from nextcloud/backport/39895/stable27
[stable27] admin have no special rights on users' entries
Diffstat (limited to 'apps')
-rw-r--r--apps/files_external/lib/Controller/AjaxController.php2
-rw-r--r--apps/files_external/tests/Controller/AjaxControllerTest.php35
2 files changed, 7 insertions, 30 deletions
diff --git a/apps/files_external/lib/Controller/AjaxController.php b/apps/files_external/lib/Controller/AjaxController.php
index db23ecd709d..e41a75a62bc 100644
--- a/apps/files_external/lib/Controller/AjaxController.php
+++ b/apps/files_external/lib/Controller/AjaxController.php
@@ -108,7 +108,7 @@ class AjaxController extends Controller {
$currentUser = $this->userSession->getUser();
// Non-admins can only edit their own credentials
- $allowedToEdit = ($this->groupManager->isAdmin($currentUser->getUID()) || $currentUser->getUID() === $uid);
+ $allowedToEdit = ($currentUser->getUID() === $uid);
if ($allowedToEdit) {
$this->globalAuth->saveAuth($uid, $user, $password);
diff --git a/apps/files_external/tests/Controller/AjaxControllerTest.php b/apps/files_external/tests/Controller/AjaxControllerTest.php
index 2ddd64f0e07..304a1807931 100644
--- a/apps/files_external/tests/Controller/AjaxControllerTest.php
+++ b/apps/files_external/tests/Controller/AjaxControllerTest.php
@@ -102,17 +102,11 @@ class AjaxControllerTest extends TestCase {
->expects($this->once())
->method('getUser')
->willReturn($user);
- $this->groupManager
- ->expects($this->once())
- ->method('isAdmin')
- ->with('MyAdminUid')
- ->willReturn(true);
$this->globalAuth
- ->expects($this->once())
- ->method('saveAuth')
- ->with('UidOfTestUser', 'test', 'password');
+ ->expects($this->never())
+ ->method('saveAuth');
- $this->assertSame(true, $this->ajaxController->saveGlobalCredentials('UidOfTestUser', 'test', 'password'));
+ $this->assertSame(false, $this->ajaxController->saveGlobalCredentials('UidOfTestUser', 'test', 'password'));
}
public function testSaveGlobalCredentialsAsAdminForSelf() {
@@ -125,11 +119,6 @@ class AjaxControllerTest extends TestCase {
->expects($this->once())
->method('getUser')
->willReturn($user);
- $this->groupManager
- ->expects($this->once())
- ->method('isAdmin')
- ->with('MyAdminUid')
- ->willReturn(true);
$this->globalAuth
->expects($this->once())
->method('saveAuth')
@@ -141,20 +130,12 @@ class AjaxControllerTest extends TestCase {
public function testSaveGlobalCredentialsAsNormalUserForSelf() {
$user = $this->createMock(IUser::class);
$user
- ->expects($this->exactly(2))
->method('getUID')
->willReturn('MyUserUid');
$this->userSession
- ->expects($this->once())
->method('getUser')
->willReturn($user);
- $this->groupManager
- ->expects($this->once())
- ->method('isAdmin')
- ->with('MyUserUid')
- ->willReturn(false);
$this->globalAuth
- ->expects($this->once())
->method('saveAuth')
->with('MyUserUid', 'test', 'password');
@@ -164,18 +145,14 @@ class AjaxControllerTest extends TestCase {
public function testSaveGlobalCredentialsAsNormalUserForAnotherUser() {
$user = $this->createMock(IUser::class);
$user
- ->expects($this->exactly(2))
->method('getUID')
->willReturn('MyUserUid');
$this->userSession
- ->expects($this->once())
->method('getUser')
->willReturn($user);
- $this->groupManager
- ->expects($this->once())
- ->method('isAdmin')
- ->with('MyUserUid')
- ->willReturn(false);
+ $this->globalAuth
+ ->expects($this->never())
+ ->method('saveAuth');
$this->assertSame(false, $this->ajaxController->saveGlobalCredentials('AnotherUserUid', 'test', 'password'));
}