admin have no special rights on users' entries

Signed-off-by: Maxence Lange <[email protected]>

apps/files_external/lib/Controller/AjaxController.php

@@ -32,7 +32,6 @@
 use OCA\Files_External\Lib\Auth\PublicKey\RSA;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\JSONResponse;
-use OCP\IGroupManager;
 use OCP\IRequest;
 use OCP\IUserSession;
 
@@ -105,16 +104,12 @@ public function getSshKeys($keyLength = 1024) {
 	 * @return bool
 	 */
 	public function saveGlobalCredentials($uid, $user, $password) {
-		$currentUser = $this->userSession->getUser();
-
-		// Non-admins can only edit their own credentials
-		$allowedToEdit = ($this->groupManager->isAdmin($currentUser->getUID()) || $currentUser->getUID() === $uid);
-
-		if ($allowedToEdit) {
-			$this->globalAuth->saveAuth($uid, $user, $password);
-			return true;
-		} else {
+		if ($this->userSession->getUser()->getUID() !== $uid) {
 			return false;
 		}
+
+		$this->globalAuth->saveAuth($uid, $user, $password);
+
+		return true;
 	}
 }

apps/files_external/tests/Controller/AjaxControllerTest.php

@@ -102,17 +102,11 @@ public function testSaveGlobalCredentialsAsAdminForAnotherUser() {
 			->expects($this->once())
 			->method('getUser')
 			->willReturn($user);
-		$this->groupManager
-			->expects($this->once())
-			->method('isAdmin')
-			->with('MyAdminUid')
-			->willReturn(true);
 		$this->globalAuth
-			->expects($this->once())
-			->method('saveAuth')
-			->with('UidOfTestUser', 'test', 'password');
+			->expects($this->never())
+			->method('saveAuth');
 
-		$this->assertSame(true, $this->ajaxController->saveGlobalCredentials('UidOfTestUser', 'test', 'password'));
+		$this->assertSame(false, $this->ajaxController->saveGlobalCredentials('UidOfTestUser', 'test', 'password'));
 	}
 
 	public function testSaveGlobalCredentialsAsAdminForSelf() {
@@ -125,11 +119,6 @@ public function testSaveGlobalCredentialsAsAdminForSelf() {
 			->expects($this->once())
 			->method('getUser')
 			->willReturn($user);
-		$this->groupManager
-			->expects($this->once())
-			->method('isAdmin')
-			->with('MyAdminUid')
-			->willReturn(true);
 		$this->globalAuth
 			->expects($this->once())
 			->method('saveAuth')
@@ -141,18 +130,13 @@ public function testSaveGlobalCredentialsAsAdminForSelf() {
 	public function testSaveGlobalCredentialsAsNormalUserForSelf() {
 		$user = $this->createMock(IUser::class);
 		$user
-			->expects($this->exactly(2))
+			->expects($this->once())
 			->method('getUID')
 			->willReturn('MyUserUid');
 		$this->userSession
 			->expects($this->once())
 			->method('getUser')
 			->willReturn($user);
-		$this->groupManager
-			->expects($this->once())
-			->method('isAdmin')
-			->with('MyUserUid')
-			->willReturn(false);
 		$this->globalAuth
 			->expects($this->once())
 			->method('saveAuth')
@@ -164,18 +148,16 @@ public function testSaveGlobalCredentialsAsNormalUserForSelf() {
 	public function testSaveGlobalCredentialsAsNormalUserForAnotherUser() {
 		$user = $this->createMock(IUser::class);
 		$user
-			->expects($this->exactly(2))
+			->expects($this->once())
 			->method('getUID')
 			->willReturn('MyUserUid');
 		$this->userSession
 			->expects($this->once())
 			->method('getUser')
 			->willReturn($user);
-		$this->groupManager
-			->expects($this->once())
-			->method('isAdmin')
-			->with('MyUserUid')
-			->willReturn(false);
+		$this->globalAuth
+			->expects($this->never())
+			->method('saveAuth');
 
 		$this->assertSame(false, $this->ajaxController->saveGlobalCredentials('AnotherUserUid', 'test', 'password'));
 	}