+function delegate_post(App $a)
+{
+ if (!local_user()) {
+ return;
+ }
+
+ if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) {
+ notice(L10n::t('Permission denied.') . EOL);
+ return;
+ }
+
+ check_form_security_token_redirectOnErr('/delegate', 'delegate');
+
+ $parent_uid = defaults($_POST, 'parent_user', 0);
+ $parent_password = defaults($_POST, 'parent_password', '');
+
+ if ($parent_uid != 0) {
+ $user = dba::selectFirst('user', ['nickname'], ['uid' => $parent_uid]);
+ if (!DBM::is_result($user)) {
+ notice(L10n::t('Parent user not found.') . EOL);
+ return;
+ }
+
+ $success = User::authenticate($user['nickname'], trim($parent_password));
+ if (!$success) {
+ notice(L10n::t('Permission denied.') . EOL);
+ return;
+ }
+ }
+
+ dba::update('user', ['parent-uid' => $parent_uid], ['uid' => local_user()]);
+}
+