From 48727aa942be1c06db61f300ed3affbd423a2982 Mon Sep 17 00:00:00 2001
From: "Peter R." <peter.ringelmann@nextcloud.com>
Date: Tue, 28 Apr 2026 18:12:55 +0200
Subject: [PATCH] fix(provisioning_api): use isAdmin() in delegated admin edit
 guard
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Peter Ringelmann <peter.ringelmann@nextcloud.com>
---
 apps/provisioning_api/lib/Controller/UsersController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 9d2009d313d..8d668c64691 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -952,7 +952,7 @@ class UsersController extends AUserDataOCSController {
 		$isSubAdminAccessible = !$isSelf && $subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser);
 
 		$canEditOther = $isAdmin
-			|| ($isDelegatedAdmin && !$this->groupManager->isInGroup($targetUser->getUID(), 'admin'))
+			|| ($isDelegatedAdmin && !$this->groupManager->isAdmin($targetUser->getUID()))
 			|| $isSubAdminAccessible;
 
 		if (!$isSelf && !$canEditOther) {