From d4bc489de10de6c5a731ff660d7b7edf4913510b Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Thu, 31 Aug 2023 16:00:21 -0100
Subject: [PATCH] admin have no special rights on users' entries

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 .../lib/Controller/AjaxController.php         |  2 +-
 .../tests/Controller/AjaxControllerTest.php   | 35 ++++---------------
 2 files changed, 7 insertions(+), 30 deletions(-)

diff --git a/apps/files_external/lib/Controller/AjaxController.php b/apps/files_external/lib/Controller/AjaxController.php
index db23ecd709d63..e41a75a62bc09 100644
--- a/apps/files_external/lib/Controller/AjaxController.php
+++ b/apps/files_external/lib/Controller/AjaxController.php
@@ -108,7 +108,7 @@ public function saveGlobalCredentials($uid, $user, $password) {
 		$currentUser = $this->userSession->getUser();
 
 		// Non-admins can only edit their own credentials
-		$allowedToEdit = ($this->groupManager->isAdmin($currentUser->getUID()) || $currentUser->getUID() === $uid);
+		$allowedToEdit = ($currentUser->getUID() === $uid);
 
 		if ($allowedToEdit) {
 			$this->globalAuth->saveAuth($uid, $user, $password);
diff --git a/apps/files_external/tests/Controller/AjaxControllerTest.php b/apps/files_external/tests/Controller/AjaxControllerTest.php
index 2ddd64f0e073a..304a180793110 100644
--- a/apps/files_external/tests/Controller/AjaxControllerTest.php
+++ b/apps/files_external/tests/Controller/AjaxControllerTest.php
@@ -102,17 +102,11 @@ public function testSaveGlobalCredentialsAsAdminForAnotherUser() {
 			->expects($this->once())
 			->method('getUser')
 			->willReturn($user);
-		$this->groupManager
-			->expects($this->once())
-			->method('isAdmin')
-			->with('MyAdminUid')
-			->willReturn(true);
 		$this->globalAuth
-			->expects($this->once())
-			->method('saveAuth')
-			->with('UidOfTestUser', 'test', 'password');
+			->expects($this->never())
+			->method('saveAuth');
 
-		$this->assertSame(true, $this->ajaxController->saveGlobalCredentials('UidOfTestUser', 'test', 'password'));
+		$this->assertSame(false, $this->ajaxController->saveGlobalCredentials('UidOfTestUser', 'test', 'password'));
 	}
 
 	public function testSaveGlobalCredentialsAsAdminForSelf() {
@@ -125,11 +119,6 @@ public function testSaveGlobalCredentialsAsAdminForSelf() {
 			->expects($this->once())
 			->method('getUser')
 			->willReturn($user);
-		$this->groupManager
-			->expects($this->once())
-			->method('isAdmin')
-			->with('MyAdminUid')
-			->willReturn(true);
 		$this->globalAuth
 			->expects($this->once())
 			->method('saveAuth')
@@ -141,20 +130,12 @@ public function testSaveGlobalCredentialsAsAdminForSelf() {
 	public function testSaveGlobalCredentialsAsNormalUserForSelf() {
 		$user = $this->createMock(IUser::class);
 		$user
-			->expects($this->exactly(2))
 			->method('getUID')
 			->willReturn('MyUserUid');
 		$this->userSession
-			->expects($this->once())
 			->method('getUser')
 			->willReturn($user);
-		$this->groupManager
-			->expects($this->once())
-			->method('isAdmin')
-			->with('MyUserUid')
-			->willReturn(false);
 		$this->globalAuth
-			->expects($this->once())
 			->method('saveAuth')
 			->with('MyUserUid', 'test', 'password');
 
@@ -164,18 +145,14 @@ public function testSaveGlobalCredentialsAsNormalUserForSelf() {
 	public function testSaveGlobalCredentialsAsNormalUserForAnotherUser() {
 		$user = $this->createMock(IUser::class);
 		$user
-			->expects($this->exactly(2))
 			->method('getUID')
 			->willReturn('MyUserUid');
 		$this->userSession
-			->expects($this->once())
 			->method('getUser')
 			->willReturn($user);
-		$this->groupManager
-			->expects($this->once())
-			->method('isAdmin')
-			->with('MyUserUid')
-			->willReturn(false);
+		$this->globalAuth
+			->expects($this->never())
+			->method('saveAuth');
 
 		$this->assertSame(false, $this->ajaxController->saveGlobalCredentials('AnotherUserUid', 'test', 'password'));
 	}