Skip to content

Commit

Permalink
fix: allows admin to edit global credentials
Browse files Browse the repository at this point in the history 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
  • Loading branch information
@Altahrim
Altahrim committed Jun 24, 2024
1 parent 4680bc4 commit ddd3ca0
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions apps/files_external/lib/Controller/AjaxController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,13 +86,16 @@ public function saveGlobalCredentials($uid, $user, $password) {
$currentUser = $this->userSession->getUser();

// Non-admins can only edit their own credentials
$allowedToEdit = ($currentUser->getUID() === $uid);
// Admin can edit global credentials
$allowedToEdit = $uid === ''
? $this->groupManager->isAdmin($currentUser->getUID())

Check notice

Code scanning / Psalm

PossiblyNullReference Note

Cannot call method getUID on possibly null value
: $currentUser->getUID() === $uid;

Check notice

Code scanning / Psalm

PossiblyNullReference Note

Cannot call method getUID on possibly null value

if ($allowedToEdit) {
$this->globalAuth->saveAuth($uid, $user, $password);
return true;
} else {
return false;
}

return false;
}
}

0 comments on commit ddd3ca0

Please sign in to comment.