From ab1370277036b337040ce180614f967295ad287a Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Wed, 28 Nov 2012 17:57:31 +0100
Subject: [PATCH] make some checks server-side

---
 settings/ajax/togglegroups.php | 6 ++++++
 settings/js/users.js           | 3 ---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index de941f9913..931ab2689e 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -7,6 +7,12 @@ $success = true;
 $username = $_POST["username"];
 $group = OC_Util::sanitizeHTML($_POST["group"]);
 
+if($username == OC_User::getUser() && $group == "admin" &&  OC_Group::inGroup($username, 'admin')){
+	$l = OC_L10N::get('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));
+	exit();
+}
+
 if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
 	$l = OC_L10N::get('core');
 	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
diff --git a/settings/js/users.js b/settings/js/users.js
index 517984f924..af83e0321a 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -165,9 +165,6 @@ var UserList={
 			}
 			if(user){
 				var checkHandeler=function(group){
-					if(user==OC.currentUser && group=='admin'){
-						return false;
-					}
 					if(!isadmin && checked.length == 1 && checked[0] == group){
 						return false;
 					}
-- 
GitLab