summaryrefslogtreecommitdiffstats
path: root/settings/Controller/UsersController.php
diff options
context:
space:
mode:
Diffstat (limited to 'settings/Controller/UsersController.php')
-rw-r--r--settings/Controller/UsersController.php99
1 files changed, 96 insertions, 3 deletions
diff --git a/settings/Controller/UsersController.php b/settings/Controller/UsersController.php
index 42d464c961a..20440e6d395 100644
--- a/settings/Controller/UsersController.php
+++ b/settings/Controller/UsersController.php
@@ -618,10 +618,12 @@ class UsersController extends Controller {
if (isset($data[AccountManager::PROPERTY_EMAIL]['value'])
&& $oldEmailAddress !== $data[AccountManager::PROPERTY_EMAIL]['value']
) {
- $result = $user->setEMailAddress($data[AccountManager::PROPERTY_EMAIL]['value']);
- if ($result === false) {
- throw new ForbiddenException($this->l10n->t('Unable to change mail address'));
+ // this is the only permission a backend provides and is also used
+ // for the permission of setting a email address
+ if (!$user->canChangeDisplayName()) {
+ throw new ForbiddenException($this->l10n->t('Unable to change email address'));
}
+ $user->setEMailAddress($data[AccountManager::PROPERTY_EMAIL]['value']);
}
$this->accountManager->updateUser($user, $data);
@@ -722,4 +724,95 @@ class UsersController extends Controller {
]);
}
}
+
+ /**
+ * Set the mail address of a user
+ *
+ * @NoAdminRequired
+ * @NoSubadminRequired
+ * @PasswordConfirmationRequired
+ *
+ * @param string $id
+ * @param string $mailAddress
+ * @return DataResponse
+ */
+ public function setEMailAddress($id, $mailAddress) {
+ $user = $this->userManager->get($id);
+ if (!$this->isAdmin
+ && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)
+ ) {
+ return new DataResponse(
+ array(
+ 'status' => 'error',
+ 'data' => array(
+ 'message' => (string)$this->l10n->t('Forbidden')
+ )
+ ),
+ Http::STATUS_FORBIDDEN
+ );
+ }
+
+ if($mailAddress !== '' && !$this->mailer->validateMailAddress($mailAddress)) {
+ return new DataResponse(
+ array(
+ 'status' => 'error',
+ 'data' => array(
+ 'message' => (string)$this->l10n->t('Invalid mail address')
+ )
+ ),
+ Http::STATUS_UNPROCESSABLE_ENTITY
+ );
+ }
+
+ if (!$user) {
+ return new DataResponse(
+ array(
+ 'status' => 'error',
+ 'data' => array(
+ 'message' => (string)$this->l10n->t('Invalid user')
+ )
+ ),
+ Http::STATUS_UNPROCESSABLE_ENTITY
+ );
+ }
+ // this is the only permission a backend provides and is also used
+ // for the permission of setting a email address
+ if (!$user->canChangeDisplayName()) {
+ return new DataResponse(
+ array(
+ 'status' => 'error',
+ 'data' => array(
+ 'message' => (string)$this->l10n->t('Unable to change mail address')
+ )
+ ),
+ Http::STATUS_FORBIDDEN
+ );
+ }
+
+ $userData = $this->accountManager->getUser($user);
+ $userData[AccountManager::PROPERTY_EMAIL]['value'] = $mailAddress;
+
+ try {
+ $this->saveUserSettings($user, $userData);
+ return new DataResponse(
+ array(
+ 'status' => 'success',
+ 'data' => array(
+ 'username' => $id,
+ 'mailAddress' => $mailAddress,
+ 'message' => (string)$this->l10n->t('Email saved')
+ )
+ ),
+ Http::STATUS_OK
+ );
+ } catch (ForbiddenException $e) {
+ return new DataResponse([
+ 'status' => 'error',
+ 'data' => [
+ 'message' => $e->getMessage()
+ ],
+ ]);
+ }
+ }
+
}