nextcloud/settings/ajax/removeuser.php

<?php

OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();

$username = $_POST["username"];

// A user shouldn't be able to delete his own account
if(OC_User::getUser() === $username) {
	exit;
}

if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
	$l = OC_L10N::get('core');
	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
	exit();
}

// Return Success story
if( OC_User::deleteUser( $username )) {
	OC_JSON::success(array("data" => array( "username" => $username )));
}
else{
	$l = OC_L10N::get('core');
	OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") )));
}
Some work on the fancy user management 2011-04-16 19:04:23 -04:00			`<?php`

fix removeuser.php for subadmins 2012-07-18 11:23:40 -04:00			`OC_JSON::checkSubAdminUser();`
CSRF check in the settings 2012-07-07 09:27:04 -04:00			`OCP\JSON::callCheck();`
Some work on the fancy user management 2011-04-16 19:04:23 -04:00
User manager still not perfect but the aim is reachable! 2011-04-17 07:15:55 -04:00			`$username = $_POST["username"];`
Some work on the fancy user management 2011-04-16 19:04:23 -04:00
Disallow users to delete their own accounts 2012-10-10 12:05:34 -04:00			`// A user shouldn't be able to delete his own account`
			`if(OC_User::getUser() === $username) {`
			`exit;`
			`}`

Check if user is admin - bool There was no "isAdminUser()" function which returned bool. This is irritiating as there were a loooooooot of places in the code which checked this itself with `OC_Group::inGroup($uid, 'admin)` - why not use a function for this? (Especially if you consider that we might change the group name in the future, which would lead to problems then) Additionally, @Raydiation needed such a method for his AppFramework :) 2013-01-14 13:45:17 -05:00			`if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {`
simplify code of remoteuser.php 2012-07-19 10:35:14 -04:00			`$l = OC_L10N::get('core');`
fix copy&paste fail and deny subadmins to set the default qouta 2012-07-19 12:00:33 -04:00			`OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));`
simplify code of remoteuser.php 2012-07-19 10:35:14 -04:00			`exit();`
fix removeuser.php for subadmins 2012-07-18 11:23:40 -04:00			`}`

Some work on the fancy user management 2011-04-16 19:04:23 -04:00			`// Return Success story`
Update settings/ajax/removeuser.php respect coding style 2012-09-04 05:51:04 -04:00			`if( OC_User::deleteUser( $username )) {`
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-23 16:22:59 -04:00			`OC_JSON::success(array("data" => array( "username" => $username )));`
Some work on the fancy user management 2011-04-16 19:04:23 -04:00			`}`
			`else{`
init language object before using it 2013-06-12 03:40:13 -04:00			`$l = OC_L10N::get('core');`
Update settings/ajax/removeuser.php $l->t added for error message 2012-09-04 05:54:04 -04:00			`OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") )));`
Some work on the fancy user management 2011-04-16 19:04:23 -04:00			`}`