summaryrefslogtreecommitdiffstats
path: root/settings/ajax/removeuser.php
diff options
context:
space:
mode:
authorLukas Reschke <lukas@statuscode.ch>2012-10-10 18:05:34 +0200
committerLukas Reschke <lukas@statuscode.ch>2012-10-10 18:05:34 +0200
commit2f4b1b0e4c52b1685642513482a697f9ab1e5fc1 (patch)
treef46cb7f13ecdffcf526d3fd5f63f9fd66f2eda06 /settings/ajax/removeuser.php
parent41640b4b91c7f8d407fb17e085f83d95ca900311 (diff)
downloadnextcloud-server-2f4b1b0e4c52b1685642513482a697f9ab1e5fc1.tar.gz
nextcloud-server-2f4b1b0e4c52b1685642513482a697f9ab1e5fc1.zip
Disallow users to delete their own accounts
Diffstat (limited to 'settings/ajax/removeuser.php')
-rw-r--r--settings/ajax/removeuser.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php
index 6b11fa5c4fb..1e3cd2993b0 100644
--- a/settings/ajax/removeuser.php
+++ b/settings/ajax/removeuser.php
@@ -8,6 +8,11 @@ OCP\JSON::callCheck();
$username = $_POST["username"];
+// A user shouldn't be able to delete his own account
+if(OC_User::getUser() === $username) {
+ exit;
+}
+
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
$l = OC_L10N::get('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
@@ -20,4 +25,4 @@ if( OC_User::deleteUser( $username )) {
}
else{
OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") )));
-}
+} \ No newline at end of file