From 7f08c84739f5cff97a6176555ddc2bef6a0f010f Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Fri, 20 Jul 2012 15:13:51 +0200
Subject: [PATCH] fix tooglegroup for subadmins

---
 settings/ajax/togglegroups.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index 95338ed026..75cd0858bb 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -3,7 +3,7 @@
 // Init owncloud
 require_once('../../lib/base.php');
 
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
 OCP\JSON::callCheck();
 
 $success = true;
@@ -13,6 +13,12 @@ $action = "add";
 $username = $_POST["username"];
 $group = OC_Util::sanitizeHTML($_POST["group"]);
 
+if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))){
+	$l = OC_L10N::get('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+	exit();
+}
+
 if(!OC_Group::groupExists($group)){
 	OC_Group::createGroup($group);
 }