fix tooglegroup for subadmins

author: Georg Ehrke <dev@georgswebsite.de> 2012-07-20 15:13:51 +0200
committer: Georg Ehrke <dev@georgswebsite.de> 2012-07-20 15:13:51 +0200
commit: 7f08c84739f5cff97a6176555ddc2bef6a0f010f (patch)
tree: 8acbda629de5af6265f92af965e2ec08b2ddfd2a /settings/ajax
parent: e42f7656970c0b9cf04a8b200eb6d5690b8c9c84 (diff)
download: nextcloud-server-7f08c84739f5cff97a6176555ddc2bef6a0f010f.tar.gz
nextcloud-server-7f08c84739f5cff97a6176555ddc2bef6a0f010f.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index 95338ed0267..75cd0858bbc 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -3,7 +3,7 @@
 // Init owncloud
 require_once('../../lib/base.php');
 
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
 OCP\JSON::callCheck();
 
 $success = true;
@@ -13,6 +13,12 @@ $action = "add";
 $username = $_POST["username"];
 $group = OC_Util::sanitizeHTML($_POST["group"]);
 
+if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))){
+	$l = OC_L10N::get('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+	exit();
+}
+
 if(!OC_Group::groupExists($group)){
 	OC_Group::createGroup($group);
 }
author	Georg Ehrke <dev@georgswebsite.de>	2012-07-20 15:13:51 +0200
committer	Georg Ehrke <dev@georgswebsite.de>	2012-07-20 15:13:51 +0200
commit	7f08c84739f5cff97a6176555ddc2bef6a0f010f (patch)
tree	8acbda629de5af6265f92af965e2ec08b2ddfd2a /settings/ajax
parent	e42f7656970c0b9cf04a8b200eb6d5690b8c9c84 (diff)
download	nextcloud-server-7f08c84739f5cff97a6176555ddc2bef6a0f010f.tar.gz nextcloud-server-7f08c84739f5cff97a6176555ddc2bef6a0f010f.zip