make some checks server-side

12 years ago · ab13702770
parent eaa625c9bc
commit ab13702770
2 changed files with 6 additions and 3 deletions
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@ -7,6 +7,12 @@ $success = true;
 $username = $_POST["username"];
 $group = OC_Util::sanitizeHTML($_POST["group"]);

+if($username == OC_User::getUser() && $group == "admin" &&  OC_Group::inGroup($username, 'admin')){
+	$l = OC_L10N::get('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));
+	exit();
+}
+
 if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
 	$l = OC_L10N::get('core');
 	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
--- a/settings/js/users.js
+++ b/settings/js/users.js
@ -165,9 +165,6 @@ var UserList={
 			}
 			if(user){
 				var checkHandeler=function(group){
-					if(user==OC.currentUser && group=='admin'){
-						return false;
-					}
 					if(!isadmin && checked.length == 1 && checked[0] == group){
 						return false;
 					}