[Pkg-owncloud-commits] [owncloud] 155/394: make some checks server-side
David Prévot
taffit at alioth.debian.org
Fri Nov 8 23:11:51 UTC 2013
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag v4.5.10
in repository owncloud.
commit cc785e2f1b781726c8e0e3177753fb1f07997471
Author: Georg Ehrke <dev at georgswebsite.de>
Date: Wed Nov 28 17:57:31 2012 +0100
make some checks server-side
---
settings/ajax/togglegroups.php | 6 ++++++
settings/js/users.js | 3 ---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index 6574796..0c51f09 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -10,6 +10,12 @@ $success = true;
$username = $_POST["username"];
$group = OC_Util::sanitizeHTML($_POST["group"]);
+if($username == OC_User::getUser() && $group == "admin" && OC_Group::inGroup($username, 'admin')){
+ $l = OC_L10N::get('core');
+ OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));
+ exit();
+}
+
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
$l = OC_L10N::get('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
diff --git a/settings/js/users.js b/settings/js/users.js
index bca9fea..f40746f 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -165,9 +165,6 @@ var UserList={
}
if(user){
var checkHandeler=function(group){
- if(user==OC.currentUser && group=='admin'){
- return false;
- }
if(!isadmin && checked.length == 1 && checked[0] == group){
return false;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git
More information about the Pkg-owncloud-commits
mailing list