diff options
Diffstat (limited to 'settings')
| -rw-r--r-- | settings/ajax/setquota.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php index 2b412c0f2fd..55e936515ec 100644 --- a/settings/ajax/setquota.php +++ b/settings/ajax/setquota.php @@ -8,11 +8,17 @@ // Init owncloud require_once('../../lib/base.php'); -OC_JSON::checkAdminUser(); +OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck(); $username = isset($_POST["username"])?$_POST["username"]:''; +if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)){ + $l = OC_L10N::get('core'); + self::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); + exit(); +} + //make sure the quota is in the expected format $quota=$_POST["quota"]; if($quota!='none' and $quota!='default'){ |