aboutsummaryrefslogtreecommitdiffstats
path: root/settings/ajax/togglegroups.php
diff options
context:
space:
mode:
Diffstat (limited to 'settings/ajax/togglegroups.php')
-rw-r--r--settings/ajax/togglegroups.php14
1 files changed, 12 insertions, 2 deletions
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index 4d248408db0..f46fa356549 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -37,9 +37,19 @@ if($username === OC_User::getUser() && $group === "admin" && OC_User::isAdminUs
exit();
}
+$isUserAccessible = false;
+$isGroupAccessible = false;
+$currentUserObject = \OC::$server->getUserSession()->getUser();
+$targetUserObject = \OC::$server->getUserManager()->get($username);
+$targetGroupObject = \OC::$server->getGroupManager()->get($group);
+if($targetUserObject !== null && $currentUserObject !== null && $targetGroupObject !== null) {
+ $isUserAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isUserAccessible($currentUserObject, $targetUserObject);
+ $isGroupAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdminofGroup($currentUserObject, $targetGroupObject);
+}
+
if(!OC_User::isAdminUser(OC_User::getUser())
- && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)
- || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
+ && (!$isUserAccessible
+ || !$isGroupAccessible)) {
$l = \OC::$server->getL10N('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit();
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-01 05:15:07 +0000