authorMorris Jobke <hey@morrisjobke.de>2017-06-06 08:06:39 -0500
committerGitHub <noreply@github.com>2017-06-06 08:06:39 -0500
commit15314b6f5b7914a72ca1b424a13ecd82163a8f14 (patch)
tree660f8dfd14a102da7b54e34d2c3c4fb47791fcf0 /settings
parent811f7b527a9f84895222425949084d52a250f8d9 (diff)
parentf39fdaf46e6ab9b3840102bb657cce7d0b074e6f (diff)
downloadnextcloud-server-15314b6f5b7914a72ca1b424a13ecd82163a8f14.tar.gz
nextcloud-server-15314b6f5b7914a72ca1b424a13ecd82163a8f14.zip
Merge pull request #5223 from nextcloud/do-not-allow-to-set-invisible-fields
Don't allow the user to set fields they can't see
Diffstat (limited to 'settings')
-rw-r--r--settings/Controller/UsersController.php50
1 files changed, 31 insertions, 19 deletions
diff --git a/settings/Controller/UsersController.php b/settings/Controller/UsersController.php
index d4a5de93a36..e217e189463 100644
--- a/settings/Controller/UsersController.php
+++ b/settings/Controller/UsersController.php
@@ -78,6 +78,8 @@ class UsersController extends Controller {
private $isEncryptionAppEnabled;
/** @var bool contains the state of the admin recovery setting */
private $isRestoreEnabled = false;
+ /** @var IAppManager */
+ private $appManager;
/** @var IAvatarManager */
private $avatarManager;
/** @var AccountManager */
@@ -146,6 +148,7 @@ class UsersController extends Controller {
$this->l10n = $l10n;
$this->log = $log;
$this->mailer = $mailer;
+ $this->appManager = $appManager;
$this->avatarManager = $avatarManager;
$this->accountManager = $accountManager;
$this->secureRandom = $secureRandom;
@@ -718,18 +721,27 @@ class UsersController extends Controller {
);
}
- $data = [
- AccountManager::PROPERTY_AVATAR => ['scope' => $avatarScope],
- AccountManager::PROPERTY_DISPLAYNAME => ['value' => $displayname, 'scope' => $displaynameScope],
- AccountManager::PROPERTY_EMAIL=> ['value' => $email, 'scope' => $emailScope],
- AccountManager::PROPERTY_WEBSITE => ['value' => $website, 'scope' => $websiteScope],
- AccountManager::PROPERTY_ADDRESS => ['value' => $address, 'scope' => $addressScope],
- AccountManager::PROPERTY_PHONE => ['value' => $phone, 'scope' => $phoneScope],
- AccountManager::PROPERTY_TWITTER => ['value' => $twitter, 'scope' => $twitterScope]
- ];
-
$user = $this->userSession->getUser();
+ $data = $this->accountManager->getUser($user);
+
+ $data[AccountManager::PROPERTY_AVATAR] = ['scope' => $avatarScope];
+ if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {
+ $data[AccountManager::PROPERTY_DISPLAYNAME] = ['value' => $displayname, 'scope' => $displaynameScope];
+ $data[AccountManager::PROPERTY_EMAIL] = ['value' => $email, 'scope' => $emailScope];
+ }
+
+ if ($this->appManager->isEnabledForUser('federatedfilesharing')) {
+ $federatedFileSharing = new \OCA\FederatedFileSharing\AppInfo\Application();
+ $shareProvider = $federatedFileSharing->getFederatedShareProvider();
+ if ($shareProvider->isLookupServerUploadEnabled()) {
+ $data[AccountManager::PROPERTY_WEBSITE] = ['value' => $website, 'scope' => $websiteScope];
+ $data[AccountManager::PROPERTY_ADDRESS] = ['value' => $address, 'scope' => $addressScope];
+ $data[AccountManager::PROPERTY_PHONE] = ['value' => $phone, 'scope' => $phoneScope];
+ $data[AccountManager::PROPERTY_TWITTER] = ['value' => $twitter, 'scope' => $twitterScope];
+ }
+ }
+
try {
$this->saveUserSettings($user, $data);
return new DataResponse(
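Review bot: The gate on `allow_user_to_change_display_name` fails open, and it may not mirror the condition under which the settings form hides these fields. `getSystemValue('allow_user_to_change_display_name', true) !== false` treats any value other than boolean false (for instance `0` or the string `'false'`) as permission to edit, and it consults only the system config; if the form also hides display name and email on other grounds (a user backend that cannot change display names would be one, though that is not visible here), those cases stay writable through this endpoint. Consider `=== true` for the config check and reusing the predicate the template uses, with a comment such as `// must match the visibility condition of the personal settings form`. Each assignment also replaces the whole entry returned by `getUser($user)`, so any key other than `value`/`scope` stored there would be dropped; confirm that is intended. The enclosing method starts and ends outside this hunk.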
@@ -737,15 +749,15 @@ class UsersController extends Controller {
'status' => 'success',
'data' => [
'userId' => $user->getUID(),
- 'avatarScope' => $avatarScope,
- 'displayname' => $displayname,
- 'displaynameScope' => $displaynameScope,
- 'email' => $email,
- 'emailScope' => $emailScope,
- 'website' => $website,
- 'websiteScope' => $websiteScope,
- 'address' => $address,
- 'addressScope' => $addressScope,
+ 'avatarScope' => $data[AccountManager::PROPERTY_AVATAR]['scope'],
+ 'displayname' => $data[AccountManager::PROPERTY_DISPLAYNAME]['value'],
+ 'displaynameScope' => $data[AccountManager::PROPERTY_DISPLAYNAME]['scope'],
+ 'email' => $data[AccountManager::PROPERTY_EMAIL]['value'],
+ 'emailScope' => $data[AccountManager::PROPERTY_EMAIL]['scope'],
+ 'website' => $data[AccountManager::PROPERTY_WEBSITE]['value'],
+ 'websiteScope' => $data[AccountManager::PROPERTY_WEBSITE]['scope'],
+ 'address' => $data[AccountManager::PROPERTY_ADDRESS]['value'],
+ 'addressScope' => $data[AccountManager::PROPERTY_ADDRESS]['scope'],
'message' => (string) $this->l10n->t('Settings saved')
]
],
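Review bot: The response now indexes `$data[...]['value']` and `['scope']` for every property, which assumes `getUser($user)` always returns all of these keys. When a field is gated off earlier in the method and the stored record lacks that property, the lookup would raise an undefined-index notice and hand null to the client. Guarding each read, e.g. `isset($data[AccountManager::PROPERTY_WEBSITE]) ? $data[AccountManager::PROPERTY_WEBSITE]['value'] : ''`, or normalising `$data` once before building the response, keeps the payload shape stable. The response array continues outside this hunk.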