diff options
| -rw-r--r-- | apps/files_external/ajax/addMountPoint.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/apps/files_external/ajax/addMountPoint.php b/apps/files_external/ajax/addMountPoint.php index 9100d47db3a..2423692be18 100644 --- a/apps/files_external/ajax/addMountPoint.php +++ b/apps/files_external/ajax/addMountPoint.php @@ -1,10 +1,15 @@ <?php OCP\JSON::checkAppEnabled('files_external'); +OCP\JSON::checkLoggedIn(); OCP\JSON::callCheck(); if ($_POST['isPersonal'] == 'true') { - OCP\JSON::checkLoggedIn(); + // Check whether the user has permissions to add personal storage backends + if(OCP\Config::getAppValue('files_external', 'allow_user_mounting', 'yes') !== 'yes') { + OCP\JSON::error(array('data' => array('message' => 'no permission'))); + return; + } $isPersonal = true; } else { OCP\JSON::checkAdminUser(); |