fix changepassword.php for subadmins

2012-07-18 15:27:31 +02:00 · 2012-07-18 15:27:31 +02:00 · 4490a88492
parent 1a57d392e9
commit 4490a88492
1 changed files with 22 additions and 1 deletions
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@ -11,7 +11,28 @@ $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
 OC_JSON::checkLoggedIn();
 OCP\JSON::callCheck();
-if( (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$oldPassword)))) {
+$userstatus = null;
 if(OC_Group::inGroup(OC_User::getUser(), 'admin')){
 	$userstatus = 'admin';
 }
 if(OC_SubAdmin::isSubAdmin(OC_User::getUser())){
 	$accessiblegroups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
 	$isuseraccessible = false;
 	foreach($accessiblegroups as $accessiblegroup){
 		if(OC_Group::inGroup($username, $accessiblegroup)){
 			$isuseraccessible = true;
 			break;
 		}
 	}
 	if($isuseraccessible){
 		$userstatus = 'subadmin';
 	}
 }
 if(OC_User::getUser() == $username && OC_User::checkPassword($username,$oldPassword)){
 	$userstatus = 'user';
 }
 if(is_null($userstatus)){
 	OC_JSON::error( array( "data" => array( "message" => "Authentication error" )));
 	exit();
 }