summaryrefslogtreecommitdiffstats
path: root/settings/ajax/setquota.php
diff options
context:
space:
mode:
Diffstat (limited to 'settings/ajax/setquota.php')
-rw-r--r--settings/ajax/setquota.php9
1 files changed, 8 insertions, 1 deletions
diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php
index a9012a55345..8e6d44c2d8d 100644
--- a/settings/ajax/setquota.php
+++ b/settings/ajax/setquota.php
@@ -32,9 +32,16 @@ OCP\JSON::callCheck();
$username = isset($_POST["username"]) ? (string)$_POST["username"] : '';
+$isUserAccessible = false;
+$currentUserObject = \OC::$server->getUserSession()->getUser();
+$targetUserObject = \OC::$server->getUserManager()->get($username);
+if($targetUserObject !== null && $currentUserObject !== null) {
+ $isUserAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isUserAccessible($currentUserObject, $targetUserObject);
+}
+
if(($username === '' && !OC_User::isAdminUser(OC_User::getUser()))
|| (!OC_User::isAdminUser(OC_User::getUser())
- && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username))) {
+ && !$isUserAccessible)) {
$l = \OC::$server->getL10N('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit();
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-01 18:19:59 +0000