diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2016-11-18 10:20:04 +0100 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2016-11-21 11:30:00 +0100 |
| commit | 662dff046d7b287c380656a3c0302cd63736e753 (patch) | |
| tree | e8a8079c377ea289e76db7479899a45d7b3d015a /settings/Controller/UsersController.php | |
| parent | fb91bf6a5b55fa39414add74f86f3f5af21b6552 (diff) | |
| download | nextcloud-server-662dff046d7b287c380656a3c0302cd63736e753.tar.gz nextcloud-server-662dff046d7b287c380656a3c0302cd63736e753.zip | |
Adjust permission checks
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'settings/Controller/UsersController.php')
| -rw-r--r-- | settings/Controller/UsersController.php | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/settings/Controller/UsersController.php b/settings/Controller/UsersController.php index 41f3bac733d..fa97845dfba 100644 --- a/settings/Controller/UsersController.php +++ b/settings/Controller/UsersController.php @@ -502,8 +502,6 @@ class UsersController extends Controller { } /** - * @todo add method description - * * @NoAdminRequired * @NoSubadminRequired * @PasswordConfirmationRequired @@ -673,6 +671,8 @@ class UsersController extends Controller { * @PasswordConfirmationRequired * @todo merge into saveUserSettings * + * @NoAdminRequired + * * @param string $username * @param string $displayName * @return DataResponse @@ -681,14 +681,8 @@ class UsersController extends Controller { $currentUser = $this->userSession->getUser(); $user = $this->userManager->get($username); - if ($user === null || - !$user->canChangeDisplayName() || - ( - !$this->groupManager->isAdmin($currentUser->getUID()) && - !$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) && - $currentUser->getUID() !== $username - - ) + if (!$this->groupManager->isAdmin($currentUser->getUID()) && + !$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) ) { return new DataResponse([ 'status' => 'error', |