fix setqouta for subadmins

author: Georg Ehrke <dev@georgswebsite.de> 2012-07-19 16:37:41 +0200
committer: Georg Ehrke <dev@georgswebsite.de> 2012-07-19 16:37:41 +0200
commit: 2fc834230a8e5cae4070d0c1f0053e0dc20db1b3 (patch)
tree: d65da4ef8599f37fa3c6826c99a8cfffdcf4e0d5 /settings
parent: ffc55f351013b46c841ed1c477de6328169ac4cd (diff)
download: nextcloud-server-2fc834230a8e5cae4070d0c1f0053e0dc20db1b3.tar.gz
nextcloud-server-2fc834230a8e5cae4070d0c1f0053e0dc20db1b3.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php
index 2b412c0f2fd..55e936515ec 100644
--- a/settings/ajax/setquota.php
+++ b/settings/ajax/setquota.php
@@ -8,11 +8,17 @@
 // Init owncloud
 require_once('../../lib/base.php');
 
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
 OCP\JSON::callCheck();
 
 $username = isset($_POST["username"])?$_POST["username"]:'';
 
+if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)){
+	$l = OC_L10N::get('core');
+	self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+	exit();
+}
+
 //make sure the quota is in the expected format
 $quota=$_POST["quota"];
 if($quota!='none' and $quota!='default'){
author	Georg Ehrke <dev@georgswebsite.de>	2012-07-19 16:37:41 +0200
committer	Georg Ehrke <dev@georgswebsite.de>	2012-07-19 16:37:41 +0200
commit	2fc834230a8e5cae4070d0c1f0053e0dc20db1b3 (patch)
tree	d65da4ef8599f37fa3c6826c99a8cfffdcf4e0d5 /settings
parent	ffc55f351013b46c841ed1c477de6328169ac4cd (diff)
download	nextcloud-server-2fc834230a8e5cae4070d0c1f0053e0dc20db1b3.tar.gz nextcloud-server-2fc834230a8e5cae4070d0c1f0053e0dc20db1b3.zip