Merge pull request #46090 from nextcloud/backport/46073/stable28

[stable28] fix: allows admin to edit global credentials
2026-06-06 15:23:17 -04:00 · 2024-07-11 17:06:24 +02:00 · 2024-07-11 17:06:24 +02:00 · 290ccdb684
commit 290ccdb684
parent c170be3352 c7082d5fb8
1 changed files with 9 additions and 3 deletions
--- a/apps/files_external/lib/Controller/AjaxController.php
+++ b/apps/files_external/lib/Controller/AjaxController.php
@ -106,15 +106,21 @@ class AjaxController extends Controller {
 	 */
 	public function saveGlobalCredentials($uid, $user, $password) {
 		$currentUser = $this->userSession->getUser();
+		if ($currentUser === null) {
+			return false;
+		}

 		// Non-admins can only edit their own credentials
-		$allowedToEdit = ($currentUser->getUID() === $uid);
+		// Admin can edit global credentials
+		$allowedToEdit = $uid === ''
+			? $this->groupManager->isAdmin($currentUser->getUID())
+			: $currentUser->getUID() === $uid;

 		if ($allowedToEdit) {
 			$this->globalAuth->saveAuth($uid, $user, $password);
 			return true;
-		} else {
-			return false;
 		}
+
+		return false;
 	}
 }