diff options
| author | Bart Visscher <bartv@thisnet.nl> | 2012-10-17 16:38:11 +0200 |
|---|---|---|
| committer | Bart Visscher <bartv@thisnet.nl> | 2012-10-17 16:38:11 +0200 |
| commit | 6081bfa2bcbe121e373486273ecce58a49e6fa97 (patch) | |
| tree | f2504800c66919a53eff9323724b493079569495 /settings/ajax/removeuser.php | |
| parent | c2b4e534534e083147bbad9b564179832cfa2912 (diff) | |
| parent | 44287d680bd0e8799724a7595db43c0fafcaff40 (diff) | |
| download | nextcloud-server-6081bfa2bcbe121e373486273ecce58a49e6fa97.tar.gz nextcloud-server-6081bfa2bcbe121e373486273ecce58a49e6fa97.zip | |
Merge branch 'master' into routing
Conflicts:
lib/search/provider/file.php
settings/ajax/changepassword.php
settings/settings.php
Diffstat (limited to 'settings/ajax/removeuser.php')
| -rw-r--r-- | settings/ajax/removeuser.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php index a10dc29321d..9ffb32a0b23 100644 --- a/settings/ajax/removeuser.php +++ b/settings/ajax/removeuser.php @@ -5,6 +5,11 @@ OCP\JSON::callCheck(); $username = $_POST["username"]; +// A user shouldn't be able to delete his own account +if(OC_User::getUser() === $username) { + exit; +} + if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) { $l = OC_L10N::get('core'); OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); |