From 0b732f2ef0224e2aaf10e2e1ef48dbd3fb6e10cd Mon Sep 17 00:00:00 2001
From: Simon Urli <simon.urli@xwiki.com>
Date: Thu, 9 Jun 2022 14:40:38 +0200
Subject: [PATCH] XWIKI-19804: Bulletproof user API

---
 .../src/main/java/com/xpn/xwiki/api/User.java                 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/api/User.java b/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/api/User.java
index c2f55f1b19af..c81b109e4c94 100644
--- a/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/api/User.java
+++ b/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/api/User.java
@@ -92,7 +92,9 @@ public XWikiUser getUser()
      */
     public void setDisabledStatus(boolean disabledStatus)
     {
-        this.user.setDisabled(disabledStatus, getXWikiContext());
+        if (hasAdminRights()) {
+            this.user.setDisabled(disabledStatus, getXWikiContext());
+        }
     }
 
     /**