Adjust permission checks

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Lukas Reschke 2016-11-18 10:20:04 +01:00 committed by Roeland Jago Douma
parent fb91bf6a5b
commit 662dff046d
No known key found for this signature in database
GPG key ID: F941078878347C0C
2 changed files with 10 additions and 16 deletions


@ -502,8 +502,6 @@ class UsersController extends Controller {
}
/**
* @todo add method description
*
* @NoAdminRequired
* @NoSubadminRequired
* @PasswordConfirmationRequired
@ -673,6 +671,8 @@ class UsersController extends Controller {
* @PasswordConfirmationRequired
* @todo merge into saveUserSettings
*
* @NoAdminRequired
*
* @param string $username
* @param string $displayName
* @return DataResponse
@ -681,14 +681,8 @@ class UsersController extends Controller {
$currentUser = $this->userSession->getUser();
$user = $this->userManager->get($username);
if ($user === null ||
!$user->canChangeDisplayName() ||
(
!$this->groupManager->isAdmin($currentUser->getUID()) &&
!$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) &&
$currentUser->getUID() !== $username
)
if (!$this->groupManager->isAdmin($currentUser->getUID()) &&
!$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user)
) {
return new DataResponse([
'status' => 'error',
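Review bot: In the last hunk (the display-name setter), the shortened condition no longer rejects a `$username` that does not resolve to a user. The earlier form tested `$user === null`, which suggests `$this->userManager->get($username)` can return null; that value is now handed to `isUserAccessible($currentUser, $user)`, and for an admin caller it passes the guard and reaches whatever follows. The `!$user->canChangeDisplayName()` test and the `$currentUser->getUID() !== $username` self-service case are gone as well, while the docblock hunk above adds `@NoAdminRequired`, so an ordinary user appears to reach the method only to be refused for their own account, unless that is handled outside this hunk. I would keep the existence and capability guards ahead of the authorization test by prepending `$user === null || !$user->canChangeDisplayName() ||` and parenthesising the two role checks, and add a one-line comment stating who is allowed to rename whom. The method body starts and ends outside the hunk, so the later use of `$user` is not visible here.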


@ -114,7 +114,7 @@ if($_['displayNameChangeSupported']) {
<div class="personal-settings-setting-box">
<form id="addressform" class="section">
<h2>
<label for="address"><?php echo $l->t('Address'); ?></label>
<label for="address"><?php p($l->t('Address')); ?></label>
<span class="icon-password"/>
</h2>
<input type="text" id="address" name="address"
@ -233,17 +233,17 @@ if($_['passwordChangeSupported']) {
<h2 class="inlineblock"><?php p($l->t('Password'));?></h2>
<div id="password-error-msg" class="msg success inlineblock" style="display: none;">Saved</div>
<br>
<label for="pass1" class="hidden-visually"><?php echo $l->t('Current password');?>: </label>
<label for="pass1" class="hidden-visually"><?php p($l->t('Current password')); ?>: </label>
<input type="password" id="pass1" name="oldpassword"
placeholder="<?php echo $l->t('Current password');?>"
placeholder="<?php p($l->t('Current password'));?>"
autocomplete="off" autocapitalize="off" autocorrect="off" />
<label for="pass2" class="hidden-visually"><?php echo $l->t('New password');?>: </label>
<label for="pass2" class="hidden-visually"><?php p($l->t('New password'));?>: </label>
<input type="password" id="pass2" name="newpassword"
placeholder="<?php echo $l->t('New password');?>"
placeholder="<?php p($l->t('New password')); ?>"
data-typetoggle="#personal-show"
autocomplete="off" autocapitalize="off" autocorrect="off" />
<input type="checkbox" id="personal-show" name="show" /><label for="personal-show" class="personal-show-label"></label>
<input id="passwordbutton" type="submit" value="<?php echo $l->t('Change password');?>" />
<input id="passwordbutton" type="submit" value="<?php p($l->t('Change password')); ?>" />
<br/>
</form>
<?php
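Review bot: The converted lines close the tag in two different ways, `));?>` and `)); ?>` (the `Current password` placeholder versus its label, for example), so the template now mixes styles; settle on one form such as `<?php p($l->t('New password')); ?>` throughout. Since the purpose of the change is escaped output, the rest of the template, which lies outside these hunks, should be checked for remaining `echo $l->t(` calls. Those inside attribute values such as `placeholder` and `value` matter most, because an unescaped quote in a translated string ends the attribute.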