check permissions before changing the display name

This commit is contained in:
Björn Schießle 2013-01-29 22:20:15 +01:00
parent 27edbfdf56
commit afad6e95db
1 changed files with 13 additions and 0 deletions

View File

@ -6,6 +6,19 @@ OC_JSON::checkLoggedIn();
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
$displayName = $_POST["displayName"]; $displayName = $_POST["displayName"];
$userstatus = null;
if(OC_User::isAdminUser(OC_User::getUser())) {
$userstatus = 'admin';
}
if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
$userstatus = 'subadmin';
}
if(is_null($userstatus)) {
OC_JSON::error( array( "data" => array( "message" => "Authentication error" )));
exit();
}
// Return Success story // Return Success story
if( OC_User::setDisplayName( $username, $displayName )) { if( OC_User::setDisplayName( $username, $displayName )) {
OC_JSON::success(array("data" => array( "username" => $username ))); OC_JSON::success(array("data" => array( "username" => $username )));