fix removeuser.php for subadmins

author: Georg Ehrke <dev@georgswebsite.de> 2012-07-18 17:23:40 +0200
committer: Georg Ehrke <dev@georgswebsite.de> 2012-07-18 17:23:40 +0200
commit: fb6468936e2b65d7d14f6b86ff3933f6fe0a6cc4 (patch)
tree: f003dbbf17c5612c36a5a3e919768d684ef944c5 /settings
parent: a5bebb86a59a156d00bbd36f477696ddd38ca092 (diff)
download: nextcloud-server-fb6468936e2b65d7d14f6b86ff3933f6fe0a6cc4.tar.gz
nextcloud-server-fb6468936e2b65d7d14f6b86ff3933f6fe0a6cc4.zip
1 files changed, 17 insertions, 1 deletions
diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php
index 230815217c3..01b28396393 100644
--- a/settings/ajax/removeuser.php
+++ b/settings/ajax/removeuser.php
@@ -3,11 +3,27 @@
 // Init owncloud
 require_once('../../lib/base.php');
 
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
 OCP\JSON::callCheck();
 
 $username = $_POST["username"];
 
+if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && OC_SubAdmin::isSubAdmin(OC_User::getUser())){
+	$accessiblegroups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
+	$isuseraccessible = false;
+	foreach($accessiblegroups as $accessiblegroup){
+		if(OC_Group::inGroup($username, $accessiblegroup)){
+			$isuseraccessible = true;
+			break;
+		}
+	}
+	if(!$isuseraccessible){
+		$l = OC_L10N::get('core');
+		self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+		exit();
+	}
+}
+
 // Return Success story
 if( OC_User::deleteUser( $username )){
 	OC_JSON::success(array("data" => array( "username" => $username )));
author	Georg Ehrke <dev@georgswebsite.de>	2012-07-18 17:23:40 +0200
committer	Georg Ehrke <dev@georgswebsite.de>	2012-07-18 17:23:40 +0200
commit	fb6468936e2b65d7d14f6b86ff3933f6fe0a6cc4 (patch)
tree	f003dbbf17c5612c36a5a3e919768d684ef944c5 /settings
parent	a5bebb86a59a156d00bbd36f477696ddd38ca092 (diff)
download	nextcloud-server-fb6468936e2b65d7d14f6b86ff3933f6fe0a6cc4.tar.gz nextcloud-server-fb6468936e2b65d7d14f6b86ff3933f6fe0a6cc4.zip