diff options
Diffstat (limited to 'settings')
| -rw-r--r-- | settings/Controller/UsersController.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/settings/Controller/UsersController.php b/settings/Controller/UsersController.php index fa97845dfba..8f077270392 100644 --- a/settings/Controller/UsersController.php +++ b/settings/Controller/UsersController.php @@ -681,8 +681,14 @@ class UsersController extends Controller { $currentUser = $this->userSession->getUser(); $user = $this->userManager->get($username); - if (!$this->groupManager->isAdmin($currentUser->getUID()) && - !$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) + if ($user === null || + !$user->canChangeDisplayName() || + ( + !$this->groupManager->isAdmin($currentUser->getUID()) && + !$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) && + $currentUser->getUID() !== $username + + ) ) { return new DataResponse([ 'status' => 'error', |