Merge branch 'subadmin'

db_structure.xml

@@ -233,6 +233,32 @@
 
  </table>
 
+ <table>
+
+  <name>*dbprefix*group_admin</name>
+
+  <declaration>
+
+   <field>
+    <name>gid</name>
+    <type>text</type>
+    <default></default>
+    <notnull>true</notnull>
+    <length>64</length>
+   </field>
+
+   <field>
+    <name>uid</name>
+    <type>text</type>
+    <default></default>
+    <notnull>true</notnull>
+    <length>64</length>
+   </field>
+
+  </declaration>
+
+ </table>
+
  <table>
 
   <name>*dbprefix*groups</name>

lib/app.php

@@ -292,16 +292,21 @@ class OC_App{
 		if (OC_User::isLoggedIn()) {
 			// personal menu
 			$settings[] = array( "id" => "personal", "order" => 1, "href" => OC_Helper::linkTo( "settings", "personal.php" ), "name" => $l->t("Personal"), "icon" => OC_Helper::imagePath( "settings", "personal.svg" ));
-
+			
 			// if there're some settings forms
 			if(!empty(self::$settingsForms))
 				// settings menu
 				$settings[]=array( "id" => "settings", "order" => 1000, "href" => OC_Helper::linkTo( "settings", "settings.php" ), "name" => $l->t("Settings"), "icon" => OC_Helper::imagePath( "settings", "settings.svg" ));
-
-			// if the user is an admin
-			if(OC_Group::inGroup( $_SESSION["user_id"], "admin" )) {
+			
+			//SubAdmins are also allowed to access user management
+			if(OC_SubAdmin::isSubAdmin($_SESSION["user_id"]) || OC_Group::inGroup( $_SESSION["user_id"], "admin" )){
 				// admin users menu
 				$settings[] = array( "id" => "core_users", "order" => 2, "href" => OC_Helper::linkTo( "settings", "users.php" ), "name" => $l->t("Users"), "icon" => OC_Helper::imagePath( "settings", "users.svg" ));
+			}
+			
+			
+			// if the user is an admin
+			if(OC_Group::inGroup( $_SESSION["user_id"], "admin" )) {
 				// admin apps menu
 				$settings[] = array( "id" => "core_apps", "order" => 3, "href" => OC_Helper::linkTo( "settings", "apps.php" ).'?installed', "name" => $l->t("Apps"), "icon" => OC_Helper::imagePath( "settings", "apps.svg" ));
 

lib/group.php

@@ -271,4 +271,17 @@ class OC_Group {
 		}
 		return $users;
 	}
+	
+	/**
+	 * @brief get a list of all users in several groups
+	 * @param array $gids
+	 * @returns array with user ids
+	 */
+	public static function usersInGroups($gids){
+		$users = array();
+		foreach($gids as $gid){
+			$users = array_merge(array_diff(self::usersInGroup($gid), $users), $users);
+		}
+		return $users;
+	}
 }

lib/json.php

@@ -64,6 +64,18 @@ class OC_JSON{
 			exit();
 		}
 	}
+        
+	/**
+	* Check if the user is a subadmin, send json error msg if not
+	*/
+	public static function checkSubAdminUser(){
+		self::checkLoggedIn();
+		if(!OC_Group::inGroup(OC_User::getUser(),'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())){
+			$l = OC_L10N::get('core');
+			self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+			exit();
+		}
+	}
 
 	/**
 	* Send json error msg

lib/subadmin.php

@@ -0,0 +1,181 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Georg Ehrke
+ * @copyright 2012 Georg Ehrke 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+OC_Hook::connect('OC_User', 'post_deleteUser', 'OC_SubAdmin', 'post_deleteUser');
+OC_Hook::connect('OC_User', 'post_deleteGroup', 'OC_SubAdmin', 'post_deleteGroup');
+/**
+ * This class provides all methods needed for managing groups.
+ *
+ * Hooks provided:
+ *   post_createSubAdmin($gid)
+ *   post_deleteSubAdmin($gid)
+ */
+class OC_SubAdmin{
+
+	/**
+	 * @brief add a SubAdmin
+	 * @param $uid uid of the SubAdmin
+	 * @param $gid gid of the group
+	 * @return boolean
+	 */
+	public static function createSubAdmin($uid, $gid){
+		$stmt = OC_DB::prepare('INSERT INTO *PREFIX*group_admin (gid,uid) VALUES(?,?)');
+		$result = $stmt->execute(array($gid, $uid));
+		OC_Hook::emit( "OC_SubAdmin", "post_createSubAdmin", array( "gid" => $gid ));
+		return true;
+	}
+
+	/**
+	 * @brief delete a SubAdmin
+	 * @param $uid uid of the SubAdmin
+	 * @param $gid gid of the group
+	 * @return boolean
+	 */
+	public static function deleteSubAdmin($uid, $gid){
+		$stmt = OC_DB::prepare('DELETE FROM *PREFIX*group_admin WHERE gid = ? AND uid = ?');
+		$result = $stmt->execute(array($gid, $uid));
+		OC_Hook::emit( "OC_SubAdmin", "post_deleteSubAdmin", array( "gid" => $gid ));
+		return true;
+	}
+
+	/**
+	 * @brief get groups of a SubAdmin
+	 * @param $uid uid of the SubAdmin
+	 * @return array
+	 */
+	public static function getSubAdminsGroups($uid){
+		$stmt = OC_DB::prepare('SELECT gid FROM *PREFIX*group_admin WHERE uid = ?');
+		$result = $stmt->execute(array($uid));
+		$gids = array();
+		while($row = $result->fetchRow()){
+			$gids[] = $row['gid'];
+		}
+		return $gids;
+	}
+
+	/**
+	 * @brief get SubAdmins of a group
+	 * @param $gid gid of the group
+	 * @return array
+	 */
+	public static function getGroupsSubAdmins($gid){
+		$stmt = OC_DB::prepare('SELECT uid FROM *PREFIX*group_admin WHERE gid = ?');
+		$result = $stmt->execute(array($gid));
+		$uids = array();
+		while($row = $result->fetchRow()){
+			$uids[] = $row['uid'];
+		}
+		return $uids;
+	}
+	
+	/**
+	 * @brief get all SubAdmins
+	 * @return array
+	 */
+	public static function getAllSubAdmins(){
+		$stmt = OC_DB::prepare('SELECT * FROM *PREFIX*group_admin');
+		$result = $stmt->execute();
+		$subadmins = array();
+		while($row = $result->fetchRow()){
+			$subadmins[] = $row;
+		}
+		return $subadmins;
+	}
+	
+	/**
+	 * @brief checks if a user is a SubAdmin of a group
+	 * @param $uid uid of the subadmin
+	 * @param $gid gid of the group
+	 * @return bool
+	 */
+	public static function isSubAdminofGroup($uid, $gid){
+		$stmt = OC_DB::prepare('SELECT COUNT(*) as count FROM *PREFIX*group_admin where uid = ? AND gid = ?');
+		$result = $stmt->execute(array($uid, $gid));
+		$result = $result->fetchRow();
+		if($result['count'] >= 1){
+			return true;
+		}
+		return false;
+	}
+	
+	/**
+	 * @brief checks if a user is a SubAdmin
+	 * @param $uid uid of the subadmin
+	 * @return bool
+	 */
+	public static function isSubAdmin($uid){
+		$stmt = OC_DB::prepare('SELECT COUNT(*) as count FROM *PREFIX*group_admin WHERE uid = ?');
+		$result = $stmt->execute(array($uid));
+		$result = $result->fetchRow();
+		if($result['count'] > 0){
+			return true;
+		}
+		return false;
+	}
+	
+	/**
+	 * @brief checks if a user is a accessible by a subadmin
+	 * @param $subadmin uid of the subadmin
+	 * @param $user uid of the user
+	 * @return bool
+	 */
+	public static function isUserAccessible($subadmin, $user){
+		if(!self::isSubAdmin($subadmin)){
+			return false;
+		}
+		$accessiblegroups = self::getSubAdminsGroups($subadmin);
+		foreach($accessiblegroups as $accessiblegroup){
+			if(OC_Group::inGroup($user, $accessiblegroup)){
+				return true;
+			}
+		}
+		return false;
+	}
+	
+	/*
+	 * @brief alias for self::isSubAdminofGroup()
+	 */
+	public static function isGroupAccessible($subadmin, $group){
+		return self::isSubAdminofGroup($subadmin, $group);
+	}
+
+	/**
+	 * @brief delete all SubAdmins by uid
+	 * @param $parameters 
+	 * @return boolean
+	 */
+	public static function post_deleteUser($parameters){
+		$stmt = OC_DB::prepare('DELETE FROM *PREFIX*group_admin WHERE uid = ?');
+		$result = $stmt->execute(array($parameters['uid']));
+		return true;
+	}
+
+	/**
+	 * @brief delete all SubAdmins8 by gid
+	 * @param $parameters
+	 * @return boolean
+	 */
+	public static function post_deleteGroup($parameters){
+		$stmt = OC_DB::prepare('DELETE FROM *PREFIX*group_admin WHERE gid = ?');
+		$result = $stmt->execute(array($parameters['gid']));
+		return true;
+	}
+}

lib/util.php

@@ -66,7 +66,7 @@ class OC_Util {
 	 * @return array
 	 */
 	public static function getVersion(){
-		return array(4,80,1);
+		return array(4,81,2);
 	}
 
 	/**
@@ -318,6 +318,23 @@ class OC_Util {
 		}
 	}
 
+	/**
+	* Check if the user is a subadmin, redirects to home if not
+	* @return array $groups where the current user is subadmin
+	*/
+	public static function checkSubAdminUser(){
+		// Check if we are a user
+		self::checkLoggedIn();
+		if(OC_Group::inGroup(OC_User::getUser(),'admin')){
+			return true;
+		}
+		if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())){
+			header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
+			exit();
+		}
+		return true;
+	}
+
 	/**
 	* Redirect to the user default page
 	*/

settings/ajax/changepassword.php

@@ -11,7 +11,18 @@ $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
 OC_JSON::checkLoggedIn();
 OCP\JSON::callCheck();
 
-if( (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$oldPassword)))) {
+$userstatus = null;
+if(OC_Group::inGroup(OC_User::getUser(), 'admin')){
+	$userstatus = 'admin';
+}
+if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)){
+	$userstatus = 'subadmin';
+}
+if(OC_User::getUser() == $username && OC_User::checkPassword($username,$oldPassword)){
+	$userstatus = 'user';
+}
+
+if(is_null($userstatus)){
 	OC_JSON::error( array( "data" => array( "message" => "Authentication error" )));
 	exit();
 }

settings/ajax/createuser.php

@@ -4,15 +4,33 @@
 require_once('../../lib/base.php');
 
 // Check if we are a user
-if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )){
+if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && !OC_SubAdmin::isSubAdmin(OC_User::getUser()))){
 	OC_JSON::error(array("data" => array( "message" => "Authentication error" )));
 	exit();
 }
 OCP\JSON::callCheck();
 
-$groups = array();
-if( isset( $_POST["groups"] )){
-	$groups = $_POST["groups"];
+$isadmin = OC_Group::inGroup(OC_User::getUser(),'admin')?true:false;
+
+if($isadmin){
+	$groups = array();
+	if( isset( $_POST["groups"] )){
+		$groups = $_POST["groups"];
+	}
+}else{
+	if(isset( $_POST["groups"] )){
+		$groups = array();
+		foreach($_POST["groups"] as $group){
+			if(OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)){
+				$groups[] = $group;
+			}
+		}
+		if(count($groups) == 0){
+			$groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
+		}
+	}else{
+		$groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
+	}
 }
 $username = $_POST["username"];
 $password = $_POST["password"];

settings/ajax/removeuser.php

@@ -3,11 +3,17 @@
 // Init owncloud
 require_once('../../lib/base.php');
 
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
 OCP\JSON::callCheck();
 
 $username = $_POST["username"];
 
+if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)){
+	$l = OC_L10N::get('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+	exit();
+}
+
 // Return Success story
 if( OC_User::deleteUser( $username )){
 	OC_JSON::success(array("data" => array( "username" => $username )));

settings/ajax/setquota.php

@@ -8,11 +8,17 @@
 // Init owncloud
 require_once('../../lib/base.php');
 
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
 OCP\JSON::callCheck();
 
 $username = isset($_POST["username"])?$_POST["username"]:'';
 
+if(($username == '' && !OC_Group::inGroup(OC_User::getUser(), 'admin')) || (!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username))){
+	$l = OC_L10N::get('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+	exit();
+}
+
 //make sure the quota is in the expected format
 $quota=$_POST["quota"];
 if($quota!='none' and $quota!='default'){

settings/ajax/togglegroups.php

@@ -3,7 +3,7 @@
 // Init owncloud
 require_once('../../lib/base.php');
 
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
 OCP\JSON::callCheck();
 
 $success = true;
@@ -13,6 +13,12 @@ $action = "add";
 $username = $_POST["username"];
 $group = OC_Util::sanitizeHTML($_POST["group"]);
 
+if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))){
+	$l = OC_L10N::get('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+	exit();
+}
+
 if(!OC_Group::groupExists($group)){
 	OC_Group::createGroup($group);
 }

settings/ajax/togglesubadmins.php

@@ -0,0 +1,19 @@
+<?php
+
+// Init owncloud
+require_once('../../lib/base.php');
+
+OC_JSON::checkAdminUser();
+OCP\JSON::callCheck();
+
+$username = $_POST["username"];
+$group = OC_Util::sanitizeHTML($_POST["group"]);
+
+// Toggle group
+if(OC_SubAdmin::isSubAdminofGroup($username, $group)){
+	OC_SubAdmin::deleteSubAdmin($username, $group);
+}else{
+	OC_SubAdmin::createSubAdmin($username, $group);
+}
+
+OC_JSON::success();

settings/js/users.js

@@ -85,16 +85,62 @@ $(document).ready(function(){
 	function applyMultiplySelect(element){
 		var checked=[];
 		var user=element.data('username');
-		if(element.data('userGroups')){
-			checked=element.data('userGroups').split(', ');
+		if($(element).attr('class') == 'groupsselect'){		
+			if(element.data('userGroups')){
+				checked=element.data('userGroups').split(', ');
+			}
+			if(user){
+				var checkHandeler=function(group){
+					if(user==OC.currentUser && group=='admin'){
+						return false;
+					}
+					if(!isadmin && checked.length == 1 && checked[0] == group){
+						return false;
+					}
+					$.post(
+						OC.filePath('settings','ajax','togglegroups.php'),
+						{
+							username:user,
+							group:group
+						},
+						function(){}
+					);
+				};
+			}else{
+				checkHandeler=false;
+			}
+			var addGroup = function(group) {
+				$('select[multiple]').each(function(index, element) {
+					if ($(element).find('option[value="'+group +'"]').length == 0) {
+						$(element).append('<option value="'+group+'">'+group+'</option>');
+					}
+				})
+			};
+			var label;
+			if(isadmin){
+				label = t('files', 'add group');
+			}else{
+				label = null;
+			}
+			element.multiSelect({
+				createCallback:addGroup,
+				createText:label,
+				checked:checked,
+				oncheck:checkHandeler,
+				onuncheck:checkHandeler,
+				minWidth: 100,
+			});
 		}
-		if(user){
+		if($(element).attr('class') == 'subadminsselect'){	
+			if(element.data('subadmin')){
+				checked=element.data('subadmin').split(', ');
+			}
 			var checkHandeler=function(group){
-				if(user==OC.currentUser && group=='admin'){
+				if(group=='admin'){
 					return false;
 				}
 				$.post(
-					OC.filePath('settings','ajax','togglegroups.php'),
+					OC.filePath('settings','ajax','togglesubadmins.php'),
 					{
 						username:user,
 						group:group
@@ -102,24 +148,23 @@ $(document).ready(function(){
 					function(){}
 				);
 			};
-		}else{
-			checkHandeler=false;
+			
+			var addSubAdmin = function(group) {
+				$('select[multiple]').each(function(index, element) {
+					if ($(element).find('option[value="'+group +'"]').length == 0) {
+						$(element).append('<option value="'+group+'">'+group+'</option>');
+					}
+				})
+			};
+			element.multiSelect({
+				createCallback:addSubAdmin,
+				createText:null,
+				checked:checked,
+				oncheck:checkHandeler,
+				onuncheck:checkHandeler,
+				minWidth: 100,
+			});
 		}
-		var addGroup = function(group) {
-			$('select[multiple]').each(function(index, element) {
-				if ($(element).find('option[value="'+group +'"]').length == 0) {
-					$(element).append('<option value="'+group+'">'+group+'</option>');
-				}
-			})
-		};
-		element.multiSelect({
-			createCallback:addGroup,
-			createText:'add group',
-			checked:checked,
-			oncheck:checkHandeler,
-			onuncheck:checkHandeler,
-			minWidth: 100,
-		});
 	}
 	$('select[multiple]').each(function(index,element){
 		applyMultiplySelect($(element));
@@ -254,12 +299,13 @@ $(document).ready(function(){
 					OC.dialogs.alert(result.data.message, 'Error creating user');
 				}
 				else {
+					groups = result.data.groups;
 					var tr=$('#content table tbody tr').first().clone();
 					tr.attr('data-uid',username);
 					tr.find('td.name').text(username);
-					var select=$('<select multiple="multiple" data-placehoder="Groups" title="Groups">');
+					var select=$('<select multiple="multiple" class="groupsselect" data-placehoder="Groups" title="Groups">');
 					select.data('username',username);
-					select.data('userGroups',groups.join(', '));
+					select.data('userGroups',groups);
 					tr.find('td.groups').empty();
 					var allGroups=$('#content table').data('groups').split(', ');
 					for(var i=0;i<groups.length;i++){

settings/templates/users.php

@@ -1,20 +1,27 @@
-<?php /**
+<?php
+/**
  * Copyright (c) 2011, Robin Appelman <icewind1991@gmail.com>
  * This file is licensed under the Affero General Public License version 3 or later.
  * See the COPYING-README file.
  */
-
 $allGroups=array();
 foreach($_["groups"] as $group) {
-	$allGroups[]=$group['name'];
+	$allGroups[] = $group['name'];
 }
+$_['subadmingroups'] = $allGroups;
+$items = array_flip($_['subadmingroups']);
+unset($items['admin']);
+$_['subadmingroups'] = array_flip($items);
 ?>
-
+<script>
+var isadmin = <?php echo $_['isadmin']?'true':'false'; ?>;
+</script>
 <div id="controls">
 	<form id="newuser">
 		<input id="newusername" placeholder="<?php echo $l->t('Name')?>" /> <input
 			type="password" id="newuserpassword"
 			placeholder="<?php echo $l->t('Password')?>" /> <select
+			class="groupsselect"
 			id="newusergroups" data-placeholder="groups"
 			title="<?php echo $l->t('Groups')?>" multiple="multiple">
 			<?php foreach($_["groups"] as $group): ?>
@@ -27,6 +34,7 @@ foreach($_["groups"] as $group) {
 	<div class="quota">
 		<span><?php echo $l->t('Default Quota');?>:</span>
 		<div class="quota-select-wrapper">
+			<?php if((bool) $_['isadmin']): ?>
 			<select class='quota'>
 				<?php foreach($_['quota_preset'] as $preset):?>
 				<?php if($preset!='default'):?>
@@ -48,6 +56,14 @@ foreach($_["groups"] as $group) {
 					...
 				</option>
 			</select> <input class='quota-other'></input>
+			<?php endif; ?>
+			<?php if((bool) !$_['isadmin']): ?>
+				<select class='quota' disabled="disabled">
+					<option selected="selected">
+				<?php echo $_['default_quota'];?>
+					</option>
+				</select>
+			<?php endif; ?>
 		</div>
 	</div>
 </div>
@@ -60,6 +76,9 @@ foreach($_["groups"] as $group) {
 			<th id='headerName'><?php echo $l->t('Name')?></th>
 			<th id="headerPassword"><?php echo $l->t( 'Password' ); ?></th>
 			<th id="headerGroups"><?php echo $l->t( 'Groups' ); ?></th>
+			<?php if(is_array($_['subadmins']) || $_['subadmins']): ?>
+			<th id="headerSubAdmins"><?php echo $l->t('SubAdmin'); ?></th>
+			<?php endif;?>
 			<th id="headerQuota"><?php echo $l->t( 'Quota' ); ?></th>
 			<th id="headerRemove">&nbsp;</th>
 		</tr>
@@ -70,9 +89,10 @@ foreach($_["groups"] as $group) {
 			<td class="name"><?php echo $user["name"]; ?></td>
 			<td class="password"><span>●●●●●●●</span> <img class="svg action"
 				src="<?php echo image_path('core','actions/rename.svg')?>"
-				alt="set new password" title="set new password" />
+				alt="set new password" title="set new password"/>
 			</td>
 			<td class="groups"><select
+				class="groupsselect"
 				data-username="<?php echo $user['name'] ;?>"
 				data-user-groups="<?php echo $user['groups'] ;?>"
 				data-placeholder="groups" title="<?php echo $l->t('Groups')?>"
@@ -84,6 +104,21 @@ foreach($_["groups"] as $group) {
 					<?php endforeach;?>
 			</select>
 			</td>
+			<?php if(is_array($_['subadmins']) || $_['subadmins']): ?>
+			<td class="subadmins"><select
+				class="subadminsselect"
+				data-username="<?php echo $user['name'] ;?>"
+				data-subadmin="<?php echo $user['subadmin'] ;?>"
+				data-placeholder="subadmins" title="<?php echo $l->t('SubAdmin for ...')?>"
+				multiple="multiple">
+					<?php foreach($_["subadmingroups"] as $group): ?>
+					<option value="<?php echo $group;?>">
+						<?php echo $group;?>
+					</option>
+					<?php endforeach;?>
+			</select>
+			</td>
+			<?php endif;?>
 			<td class="quota">
 				<div class="quota-select-wrapper">
 					<select class='quota-user'>

settings/users.php

@@ -6,7 +6,7 @@
  */
 
 require_once('../lib/base.php');
-OC_Util::checkAdminUser();
+OC_Util::checkSubAdminUser();
 
 // We have some javascript foo!
 OC_Util::addScript( 'settings', 'users' );
@@ -17,11 +17,22 @@ OC_App::setActiveNavigationEntry( 'core_users' );
 $users = array();
 $groups = array();
 
-foreach( OC_User::getUsers() as $i ){
-	$users[] = array( "name" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ),'quota'=>OC_Preferences::getValue($i,'files','quota','default'));
+$isadmin = OC_Group::inGroup(OC_User::getUser(),'admin')?true:false;
+if($isadmin){
+	$accessiblegroups = OC_Group::getGroups();
+	$accessibleusers = OC_User::getUsers();
+	$subadmins = OC_SubAdmin::getAllSubAdmins();
+}else{
+	$accessiblegroups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
+	$accessibleusers = OC_Group::usersInGroups($accessiblegroups);
+	$subadmins = false;
 }
 
-foreach( OC_Group::getGroups() as $i ){
+foreach($accessibleusers as $i){
+	$users[] = array( "name" => $i, "groups" => join( ", ", /*array_intersect(*/OC_Group::getUserGroups($i)/*, OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()))*/),'quota'=>OC_Preferences::getValue($i,'files','quota','default'),'subadmin'=>implode(', ',OC_SubAdmin::getSubAdminsGroups($i)));
+}
+
+foreach( $accessiblegroups as $i ){
 	// Do some more work here soon
 	$groups[] = array( "name" => $i );
 }
@@ -44,6 +55,9 @@ if (\OC_App::isEnabled( "files_sharing" ) ) {
 $tmpl = new OC_Template( "settings", "users", "user" );
 $tmpl->assign( "users", $users );
 $tmpl->assign( "groups", $groups );
+$tmpl->assign( 'isadmin', (int) $isadmin);
+$tmpl->assign( 'subadmins', $subadmins);
+$tmpl->assign( 'numofgroups', count($accessiblegroups));
 $tmpl->assign( 'quota_preset', $quotaPreset);
 $tmpl->assign( 'default_quota', $defaultQuota);
 $tmpl->assign( 'share_notice', $shareNotice);