diff options
| -rw-r--r-- | settings/ajax/changedisplayname.php | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/settings/ajax/changedisplayname.php b/settings/ajax/changedisplayname.php index 82ca18c3706..f80ecb7a0c9 100644 --- a/settings/ajax/changedisplayname.php +++ b/settings/ajax/changedisplayname.php @@ -6,6 +6,19 @@ OC_JSON::checkLoggedIn(); $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
$displayName = $_POST["displayName"];
+$userstatus = null;
+if(OC_User::isAdminUser(OC_User::getUser())) {
+ $userstatus = 'admin';
+}
+if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
+ $userstatus = 'subadmin';
+}
+
+if(is_null($userstatus)) {
+ OC_JSON::error( array( "data" => array( "message" => "Authentication error" )));
+ exit();
+}
+
// Return Success story
if( OC_User::setDisplayName( $username, $displayName )) {
OC_JSON::success(array("data" => array( "username" => $username )));
|