Only redirect for save and user does not have core.manage permission (#42872)

joomdonation · web-flow · commit d272577bbbc6 · 2024-02-25T03:36:57.000+01:00
diff --git a/administrator/components/com_users/src/Controller/UserController.php b/administrator/components/com_users/src/Controller/UserController.php
@@ -118,8 +118,8 @@ public function save($key = null, $urlVar = null)
         }
 
         // If a user has to renew a password but has no permission for users
-        if (!$this->app->getIdentity()->authorise('core.admin', 'com_users')) {
-            $this->setRedirect('index.php');
+        if ($task === 'save' && !$this->app->getIdentity()->authorise('core.manage', 'com_users')) {
+            $this->setRedirect(Uri::base());
         }
 
         return $result;

Original file line number	Diff line number	Diff line change
`@@ -118,8 +118,8 @@ public function save($key = null, $urlVar = null)`
`118`	`118`	`}`
`119`	`119`
`120`	`120`	`// If a user has to renew a password but has no permission for users`
`121`		`- if (!$this->app->getIdentity()->authorise('core.admin', 'com_users')) {`
`122`		`- $this->setRedirect('index.php');`
	`121`	`+ if ($task === 'save' && !$this->app->getIdentity()->authorise('core.manage', 'com_users')) {`
	`122`	`+ $this->setRedirect(Uri::base());`
`123`	`123`	`}`
`124`	`124`
`125`	`125`	`return $result;`