check permissions before changing the display name
This commit is contained in:
parent
27edbfdf56
commit
afad6e95db
|
@ -6,6 +6,19 @@ OC_JSON::checkLoggedIn();
|
|||
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
|
||||
$displayName = $_POST["displayName"];
|
||||
|
||||
$userstatus = null;
|
||||
if(OC_User::isAdminUser(OC_User::getUser())) {
|
||||
$userstatus = 'admin';
|
||||
}
|
||||
if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
|
||||
$userstatus = 'subadmin';
|
||||
}
|
||||
|
||||
if(is_null($userstatus)) {
|
||||
OC_JSON::error( array( "data" => array( "message" => "Authentication error" )));
|
||||
exit();
|
||||
}
|
||||
|
||||
// Return Success story
|
||||
if( OC_User::setDisplayName( $username, $displayName )) {
|
||||
OC_JSON::success(array("data" => array( "username" => $username )));
|
||||
|
|
Loading…
Reference in New Issue