Diffstat (limited to 'settings/ajax/togglegroups.php')
-rw-r--r--settings/ajax/togglegroups.php8
1 files changed, 7 insertions, 1 deletions
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index 95338ed0267..75cd0858bbc 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -3,7 +3,7 @@
// Init owncloud
require_once('../../lib/base.php');
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$success = true;
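Review bot: The entry gate on the `OC_JSON::checkSubAdminUser();` line now admits every sub-admin, but nothing at that line says authorization is finished further down. Any statement later placed between this gate and the per-user/per-group check becomes reachable by sub-admins. I would add a comment directly above the call, such as `// Sub-admins pass this gate; the user/group authorization is enforced below, after the POST parameters are read.`. The script continues outside this hunk.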
@@ -13,6 +13,12 @@ $action = "add";
$username = $_POST["username"];
$group = OC_Util::sanitizeHTML($_POST["group"]);
+if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))){
+ $l = OC_L10N::get('core');
+ OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+ exit();
+}
+
if(!OC_Group::groupExists($group)){
OC_Group::createGroup($group);
}
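Review bot: The added guard is the only thing keeping a sub-admin away from the `OC_Group::createGroup($group)` call directly below it, and it is evaluated on the `$group` value already passed through `OC_Util::sanitizeHTML()`. Whether `OC_SubAdmin::isGroupAccessible()` returns false for a group that does not exist yet, or for `'admin'`, is not visible in this hunk. I would therefore make the creation path explicitly admin-only rather than rely on that: `if(!OC_Group::groupExists($group) && OC_Group::inGroup(OC_User::getUser(), 'admin')){`. The guard would also be easier to audit with `OC_User::getUser()` read once into a local and the admin test split from the two sub-admin tests. The `'Authentication error'` message reports what is an authorization failure, since the caller is already logged in. The rest of the script lies outside the hunk.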