
Commit 40584f1

committed
admin have no special rights on users' entries
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
1 parent c7035ee commit 40584f1


2 files changed

+9
-27
lines changed


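--- a/apps/files_external/lib/Controller/AjaxController.php
+++ b/apps/files_external/lib/Controller/AjaxController.php
@@ -108,7 +108,7 @@ public function saveGlobalCredentials($uid, $user, $password) {
 $currentUser = $this->userSession->getUser();
 
 // Non-admins can only edit their own credentials
-$allowedToEdit = ($this->groupManager->isAdmin($currentUser->getUID()) || $currentUser->getUID() === $uid);
+$allowedToEdit = ($currentUser->getUID() === $uid);
 
 if ($allowedToEdit) {
 $this->globalAuth->saveAuth($uid, $user, $password);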
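Review bot: The context comment directly above the changed assignment, `// Non-admins can only edit their own credentials`, no longer matches the check: after this change nobody, admin or not, can save credentials for another uid. I would reword it to `// Users may only edit their own credentials; admins get no exception` so that a later reader does not restore the admin branch as a presumed omission. `$currentUser` is also dereferenced without a null check; if `getUser()` can return null on this route (the route annotations are outside the hunk), `$currentUser !== null && $currentUser->getUID() === $uid` keeps the decision fail-closed. The body of saveGlobalCredentials continues outside the hunk, and `$this->groupManager` may now be an unused dependency of the controller.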

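--- a/apps/files_external/tests/Controller/AjaxControllerTest.php
+++ b/apps/files_external/tests/Controller/AjaxControllerTest.php
@@ -102,17 +102,11 @@ public function testSaveGlobalCredentialsAsAdminForAnotherUser() {
 ->expects($this->once())
 ->method('getUser')
 ->willReturn($user);
-$this->groupManager
-->expects($this->once())
-->method('isAdmin')
-->with('MyAdminUid')
-->willReturn(true);
 $this->globalAuth
-->expects($this->once())
-->method('saveAuth')
-->with('UidOfTestUser', 'test', 'password');
+->expects($this->never())
+->method('saveAuth');
 
-$this->assertSame(true, $this->ajaxController->saveGlobalCredentials('UidOfTestUser', 'test', 'password'));
+$this->assertSame(false, $this->ajaxController->saveGlobalCredentials('UidOfTestUser', 'test', 'password'));
 }
 
 public function testSaveGlobalCredentialsAsAdminForSelf() {
@@ -125,11 +119,6 @@ public function testSaveGlobalCredentialsAsAdminForSelf() {
 ->expects($this->once())
 ->method('getUser')
 ->willReturn($user);
-$this->groupManager
-->expects($this->once())
-->method('isAdmin')
-->with('MyAdminUid')
-->willReturn(true);
 $this->globalAuth
 ->expects($this->once())
 ->method('saveAuth')
@@ -141,18 +130,13 @@ public function testSaveGlobalCredentialsAsAdminForSelf() {
 public function testSaveGlobalCredentialsAsNormalUserForSelf() {
 $user = $this->createMock(IUser::class);
 $user
-->expects($this->exactly(2))
+->expects($this->once())
 ->method('getUID')
 ->willReturn('MyUserUid');
 $this->userSession
 ->expects($this->once())
 ->method('getUser')
 ->willReturn($user);
-$this->groupManager
-->expects($this->once())
-->method('isAdmin')
-->with('MyUserUid')
-->willReturn(false);
 $this->globalAuth
 ->expects($this->once())
 ->method('saveAuth')
@@ -164,18 +148,16 @@ public function testSaveGlobalCredentialsAsNormalUserForSelf() {
 public function testSaveGlobalCredentialsAsNormalUserForAnotherUser() {
 $user = $this->createMock(IUser::class);
 $user
-->expects($this->exactly(2))
+->expects($this->once())
 ->method('getUID')
 ->willReturn('MyUserUid');
 $this->userSession
 ->expects($this->once())
 ->method('getUser')
 ->willReturn($user);
-$this->groupManager
-->expects($this->once())
-->method('isAdmin')
-->with('MyUserUid')
-->willReturn(false);
+$this->globalAuth
+->expects($this->never())
+->method('saveAuth');
 
 $this->assertSame(false, $this->ajaxController->saveGlobalCredentials('AnotherUserUid', 'test', 'password'));
 }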
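Review bot: testSaveGlobalCredentialsAsAdminForAnotherUser no longer makes the caller an admin in any way, because the `isAdmin` stub was removed together with its expectation, so the test would still pass against a mock whose `isAdmin` answers false. To pin the property named in the commit title, keep a non-asserting stub such as `$this->groupManager->method('isAdmin')->willReturn(true);` before the `never()` expectation on `saveAuth` (assuming the groupManager mock is still part of the fixture); a reintroduced admin bypass would then fail this test. The same applies to testSaveGlobalCredentialsAsAdminForSelf in the second hunk if the admin case is meant to stay distinct from the normal-user one. Both admin test methods start outside their hunks, so the `getUID` expectations set up there could not be checked.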
