make some checks server-side

author: Georg Ehrke <dev@georgswebsite.de> 2012-11-28 17:57:31 +0100
committer: Georg Ehrke <dev@georgswebsite.de> 2012-11-28 18:15:40 +0100
commit: ab1370277036b337040ce180614f967295ad287a (patch)
tree: 2765de60985d40877e84ce98845c4d2b362f262c /settings/ajax
parent: eaa625c9bc426dcba0427457777a79a3944628a5 (diff)
download: nextcloud-server-ab1370277036b337040ce180614f967295ad287a.tar.gz
nextcloud-server-ab1370277036b337040ce180614f967295ad287a.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index de941f99132..931ab2689e2 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -7,6 +7,12 @@ $success = true;
 $username = $_POST["username"];
 $group = OC_Util::sanitizeHTML($_POST["group"]);
 
+if($username == OC_User::getUser() && $group == "admin" &&  OC_Group::inGroup($username, 'admin')){
+	$l = OC_L10N::get('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));
+	exit();
+}
+
 if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
 	$l = OC_L10N::get('core');
 	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
author	Georg Ehrke <dev@georgswebsite.de>	2012-11-28 17:57:31 +0100
committer	Georg Ehrke <dev@georgswebsite.de>	2012-11-28 18:15:40 +0100
commit	ab1370277036b337040ce180614f967295ad287a (patch)
tree	2765de60985d40877e84ce98845c4d2b362f262c /settings/ajax
parent	eaa625c9bc426dcba0427457777a79a3944628a5 (diff)
download	nextcloud-server-ab1370277036b337040ce180614f967295ad287a.tar.gz nextcloud-server-ab1370277036b337040ce180614f967295ad287a.zip