I was updating my User Manager repository to work with Uer permissions, and I think I encountered a bug (or a left over code from previous version) in the edit for the User Model in the panel, it will prevent non admins that have the permission to edit users from editing them, thought I might give you a heads up.
This is your function
public function update($data = array()) {
// create the user update event
$event = $this->event('update:action');
// check for update permissions
$event->check();
// keep the old state of the user object
$old = clone $this;
// THIS LINE SEEMS TO BE LEFT OVER
if(!panel()->user()->isAdmin() and !$this->isCurrent()) {
throw new Exception(l('users.form.error.update.rights'));
}
// users which are not an admin cannot change their role
if(!panel()->user()->isAdmin()) {
unset($data['role']);
}
if(str::length(a::get($data, 'password')) > 0) {
if(a::get($data, 'password') !== a::get($data, 'passwordconfirmation')) {
throw new Exception(l('users.form.error.password.confirm'));
}
} else {
unset($data['password']);
}
unset($data['passwordconfirmation']);
if($this->isLastAdmin() and a::get($data, 'role') !== 'admin') {
// check the number of left admins to not convert the last one
throw new Exception(l('user.error.lastadmin'));
}
parent::update($data);
// flush the cache in case if the user data is
// used somewhere on the site (i.e. for profiles)
kirby()->cache()->flush();
kirby()->trigger($event, [$this, $old]);
return $this;
}
I marked the extra line with //THIS LINE SEEMS TO BE LEFT OVER.
I didn’t open a bug report yet since I didn’t actually have time to test it (Sorry, I’m working) and I might forget to later…
Cheers!