mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Require password confirmation to change the Quota 

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2016-11-10 17:18:12 +01:00 committed by Lukas Reschke
parent 05df523395
commit a53c313878
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
settings/ajax/setquota.php
View File

@ -32,6 +32,13 @@
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
$l = \OC::$server->getL10N('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
exit();
}
$username = isset($_POST["username"]) ? (string)$_POST["username"] : '';
$isUserAccessible = false;

15
settings/js/users/users.js
View File

@ -539,7 +539,7 @@ var UserList = {
OC.Notification.showTemporary(t('core', 'Invalid quota value "{val}"', {val: quota}));
return;
}
UserList._updateQuota(uid, quota, function(returnedQuota){
UserList._updateQuota(uid, quota, function(returnedQuota) {
if (quota !== returnedQuota) {
$select.find(':selected').text(returnedQuota);
}
@ -553,12 +553,21 @@ var UserList = {
* @param {Function} ready callback after save
*/
_updateQuota: function(uid, quota, ready) {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this._updateQuota, this, uid, quota, ready));
return;
}
$.post(
OC.filePath('settings', 'ajax', 'setquota.php'),
{username: uid, quota: quota},
function (result) {
if (ready) {
ready(result.data.quota);
if (result.status === 'error') {
OC.Notification.showTemporary(result.data.message);
} else {
if (ready) {
ready(result.data.quota);
}
}
}
);