Disallow users to delete their own accounts
This commit is contained in:
parent
41640b4b91
commit
2f4b1b0e4c
|
@ -8,6 +8,11 @@ OCP\JSON::callCheck();
|
||||||
|
|
||||||
$username = $_POST["username"];
|
$username = $_POST["username"];
|
||||||
|
|
||||||
|
// A user shouldn't be able to delete his own account
|
||||||
|
if(OC_User::getUser() === $username) {
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
|
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
|
||||||
$l = OC_L10N::get('core');
|
$l = OC_L10N::get('core');
|
||||||
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
||||||
|
|
Loading…
Reference in New Issue