nextcloud/settings/ajax/removeuser.php

<?php

OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();

$username = $_POST["username"];

// A user shouldn't be able to delete his own account
if(OC_User::getUser() === $username) {
	exit;
}

if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
	$l = OC_L10N::get('core');
	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
	exit();
}

// Return Success story
if( OC_User::deleteUser( $username )) {
	OC_JSON::success(array("data" => array( "username" => $username )));
}
else{
	OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") )));
}
Some work on the fancy user management 2011-04-17 03:04:23 +04:00			`<?php`

fix removeuser.php for subadmins 2012-07-18 19:23:40 +04:00			`OC_JSON::checkSubAdminUser();`
CSRF check in the settings 2012-07-07 17:27:04 +04:00			`OCP\JSON::callCheck();`
Some work on the fancy user management 2011-04-17 03:04:23 +04:00
User manager still not perfect but the aim is reachable! 2011-04-17 15:15:55 +04:00			`$username = $_POST["username"];`
Some work on the fancy user management 2011-04-17 03:04:23 +04:00
Disallow users to delete their own accounts 2012-10-10 20:05:34 +04:00			`// A user shouldn't be able to delete his own account`
			`if(OC_User::getUser() === $username) {`
			`exit;`
			`}`

Check if user is admin - bool There was no "isAdminUser()" function which returned bool. This is irritiating as there were a loooooooot of places in the code which checked this itself with `OC_Group::inGroup($uid, 'admin)` - why not use a function for this? (Especially if you consider that we might change the group name in the future, which would lead to problems then) Additionally, @Raydiation needed such a method for his AppFramework :) 2013-01-14 22:45:17 +04:00			`if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {`
simplify code of remoteuser.php 2012-07-19 18:35:14 +04:00			`$l = OC_L10N::get('core');`
fix copy&paste fail and deny subadmins to set the default qouta 2012-07-19 20:00:33 +04:00			`OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));`
simplify code of remoteuser.php 2012-07-19 18:35:14 +04:00			`exit();`
fix removeuser.php for subadmins 2012-07-18 19:23:40 +04:00			`}`

Some work on the fancy user management 2011-04-17 03:04:23 +04:00			`// Return Success story`
Update settings/ajax/removeuser.php respect coding style 2012-09-04 13:51:04 +04:00			`if( OC_User::deleteUser( $username )) {`
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-24 00:22:59 +04:00			`OC_JSON::success(array("data" => array( "username" => $username )));`
Some work on the fancy user management 2011-04-17 03:04:23 +04:00			`}`
			`else{`
Update settings/ajax/removeuser.php $l->t added for error message 2012-09-04 13:54:04 +04:00			`OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") )));`
Some work on the fancy user management 2011-04-17 03:04:23 +04:00			`}`