From 74e50910134610a108e18a3807a791ef0b677468 Mon Sep 17 00:00:00 2001
From: Morris Jobke <hey@morrisjobke.de>
Date: Thu, 6 Oct 2016 15:24:22 +0200
Subject: check $user object before using it

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
---
 settings/Controller/UsersController.php | 48 ++++++++++++++++-----------------
 1 file changed, 24 insertions(+), 24 deletions(-)

(limited to 'settings')

diff --git a/settings/Controller/UsersController.php b/settings/Controller/UsersController.php
index 293afe9e6ff..7ce4355aa0b 100644
--- a/settings/Controller/UsersController.php
+++ b/settings/Controller/UsersController.php
@@ -537,19 +537,19 @@ class UsersController extends Controller {
 			);
 		}
 
-		if(!$this->isAdmin && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)) {
-			return new DataResponse(
-				array(
-					'status' => 'error',
-					'data' => array(
-						'message' => (string)$this->l10n->t('Authentication error')
-					)
-				),
-				Http::STATUS_FORBIDDEN
-			);
-		}
-
 		if($user) {
+			if(!$this->isAdmin && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)) {
+				return new DataResponse(
+					array(
+						'status' => 'error',
+						'data' => array(
+							'message' => (string)$this->l10n->t('Authentication error')
+						)
+					),
+					Http::STATUS_FORBIDDEN
+				);
+			}
+
 			$user->setEnabled(false);
 			return new DataResponse(
 				array(
@@ -594,19 +594,19 @@ class UsersController extends Controller {
 			);
 		}
 
-		if(!$this->isAdmin && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)) {
-			return new DataResponse(
-				array(
-					'status' => 'error',
-					'data' => array(
-						'message' => (string)$this->l10n->t('Authentication error')
-					)
-				),
-				Http::STATUS_FORBIDDEN
-			);
-		}
-
 		if($user) {
+			if(!$this->isAdmin && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)) {
+				return new DataResponse(
+					array(
+						'status' => 'error',
+						'data' => array(
+							'message' => (string)$this->l10n->t('Authentication error')
+						)
+					),
+					Http::STATUS_FORBIDDEN
+				);
+			}
+
 			$user->setEnabled(true);
 			return new DataResponse(
 				array(
-- 
cgit v1.2.3