Skip to content

Commit 5ce3127

Browse files
ArtificialOwlblizzz
ArtificialOwl
authored and
blizzz
committed
admin have no special rights on users' entries
Signed-off-by: Maxence Lange <[email protected]>
1 parent 41e0fcf commit 5ce3127

File tree

2 files changed

+7
-30
lines changed

2 files changed

+7
-30
lines changed

apps/files_external/lib/Controller/AjaxController.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -108,7 +108,7 @@ public function saveGlobalCredentials($uid, $user, $password) {
108108
$currentUser = $this->userSession->getUser();
109109

110110
// Non-admins can only edit their own credentials
111-
$allowedToEdit = ($this->groupManager->isAdmin($currentUser->getUID()) || $currentUser->getUID() === $uid);
111+
$allowedToEdit = ($currentUser->getUID() === $uid);
112112

113113
if ($allowedToEdit) {
114114
$this->globalAuth->saveAuth($uid, $user, $password);

apps/files_external/tests/Controller/AjaxControllerTest.php

Lines changed: 6 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -102,17 +102,11 @@ public function testSaveGlobalCredentialsAsAdminForAnotherUser() {
102102
->expects($this->once())
103103
->method('getUser')
104104
->willReturn($user);
105-
$this->groupManager
106-
->expects($this->once())
107-
->method('isAdmin')
108-
->with('MyAdminUid')
109-
->willReturn(true);
110105
$this->globalAuth
111-
->expects($this->once())
112-
->method('saveAuth')
113-
->with('UidOfTestUser', 'test', 'password');
106+
->expects($this->never())
107+
->method('saveAuth');
114108

115-
$this->assertSame(true, $this->ajaxController->saveGlobalCredentials('UidOfTestUser', 'test', 'password'));
109+
$this->assertSame(false, $this->ajaxController->saveGlobalCredentials('UidOfTestUser', 'test', 'password'));
116110
}
117111

118112
public function testSaveGlobalCredentialsAsAdminForSelf() {
@@ -125,11 +119,6 @@ public function testSaveGlobalCredentialsAsAdminForSelf() {
125119
->expects($this->once())
126120
->method('getUser')
127121
->willReturn($user);
128-
$this->groupManager
129-
->expects($this->once())
130-
->method('isAdmin')
131-
->with('MyAdminUid')
132-
->willReturn(true);
133122
$this->globalAuth
134123
->expects($this->once())
135124
->method('saveAuth')
@@ -141,20 +130,12 @@ public function testSaveGlobalCredentialsAsAdminForSelf() {
141130
public function testSaveGlobalCredentialsAsNormalUserForSelf() {
142131
$user = $this->createMock(IUser::class);
143132
$user
144-
->expects($this->exactly(2))
145133
->method('getUID')
146134
->willReturn('MyUserUid');
147135
$this->userSession
148-
->expects($this->once())
149136
->method('getUser')
150137
->willReturn($user);
151-
$this->groupManager
152-
->expects($this->once())
153-
->method('isAdmin')
154-
->with('MyUserUid')
155-
->willReturn(false);
156138
$this->globalAuth
157-
->expects($this->once())
158139
->method('saveAuth')
159140
->with('MyUserUid', 'test', 'password');
160141

@@ -164,18 +145,14 @@ public function testSaveGlobalCredentialsAsNormalUserForSelf() {
164145
public function testSaveGlobalCredentialsAsNormalUserForAnotherUser() {
165146
$user = $this->createMock(IUser::class);
166147
$user
167-
->expects($this->exactly(2))
168148
->method('getUID')
169149
->willReturn('MyUserUid');
170150
$this->userSession
171-
->expects($this->once())
172151
->method('getUser')
173152
->willReturn($user);
174-
$this->groupManager
175-
->expects($this->once())
176-
->method('isAdmin')
177-
->with('MyUserUid')
178-
->willReturn(false);
153+
$this->globalAuth
154+
->expects($this->never())
155+
->method('saveAuth');
179156

180157
$this->assertSame(false, $this->ajaxController->saveGlobalCredentials('AnotherUserUid', 'test', 'password'));
181158
}

0 commit comments

Comments
 (0)