From 1a7ad9f4782f34f7662996fc680905afcaa93f2d Mon Sep 17 00:00:00 2001
From: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Wed, 27 Jul 2011 17:50:39 +0000
Subject: - Don't allow setting rights to yourself

git-svn-id: https://svn.roundcube.net/trunk@4979 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 plugins/acl/acl.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'plugins')

diff --git a/plugins/acl/acl.php b/plugins/acl/acl.php
index 2b1baaa3c..3c986a376 100644
--- a/plugins/acl/acl.php
+++ b/plugins/acl/acl.php
@@ -439,9 +439,11 @@ class acl extends rcube_plugin
             $username = $user;
         }
 
-        if ($acl && $user && strlen($mbox)
-            && $this->rc->imap->set_acl($mbox, $user, $acl)
-        ) {
+        if ($acl && $user && $user != $_SESSION['username'] && strlen($mbox)) {
+            $result = $this->rc->imap->set_acl($mbox, $user, $acl);
+        }
+
+        if ($result) {
             $ret = array('id' => html_identifier($user),
                  'username' => $username, 'acl' => implode($acl), 'old' => $oldid);
             $this->rc->output->command('acl_update', $ret);
-- 
cgit v1.2.3