diff --git a/CHANGELOG.md b/CHANGELOG.md
index 87e107cf9d8..ca324abe17f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
 - Fixed a bug where element index result counts weren’t getting updated when the element list was refreshed but pagination was preserved. ([#15367](https://github.com/craftcms/cms/issues/15367))
 - Fixed a PHP error that occurred when making a field layout component conditional on a Time or CKEditor field. ([craftcms/ckeditor#267](https://github.com/craftcms/ckeditor/issues/267))
+- Fixed an error that occurred when editing a user via a slideout, if the current user didn’t have permission to edit the primary site. ([#15408](https://github.com/craftcms/cms/issues/15408))
 ## 4.10.6 - 2024-07-16
diff --git a/src/controllers/ElementsController.php b/src/controllers/ElementsController.php
index 2900c607124..9268f615456 100644
--- a/src/controllers/ElementsController.php
+++ b/src/controllers/ElementsController.php
@@ -1863,25 +1863,9 @@ private function _element(
 $elementId = $elementId ?? $this->_elementId;
 $elementUid = $elementUid ?? $this->_elementUid;
- $sitesService = Craft::$app->getSites();
 $elementsService = Craft::$app->getElements();
 $user = static::currentUser();
- if ($this->_siteId) {
- $site = $sitesService->getSiteById($this->_siteId, true);
- if (!$site) {
- throw new BadRequestHttpException("Invalid side ID: $this->_siteId");
- }
- if (Craft::$app->getIsMultiSite() && !$user->can("editSite:$site->uid")) {
- throw new ForbiddenHttpException('User not authorized to edit content for this site.');
- }
- } else {
- $site = Cp::requestedSite();
- if (!$site) {
- throw new ForbiddenHttpException('User not authorized to edit content in any sites.');
- }
- }
-
 if ($this->_elementType) {
 $elementType = $this->_elementType;
 } elseif ($elementId || $elementUid) {
@@ -1901,12 +1885,31 @@ private function _element(
 /** @phpstan-var class-string|ElementInterface $elementType */
 $this->_validateElementType($elementType);
- if ($strictSite) {
- $siteId = $site->id;
- $preferSites = null;
+ if ($elementType::isLocalized()) {
+ if ($this->_siteId) {
+ $site = Craft::$app->getSites()->getSiteById($this->_siteId, true);
+ if (!$site) {
+ throw new BadRequestHttpException("Invalid side ID: $this->_siteId");
+ }
+ if (Craft::$app->getIsMultiSite() && !$user->can("editSite:$site->uid")) {
+ throw new ForbiddenHttpException('User not authorized to edit content for this site.');
+ }
+ } else {
+ $site = Cp::requestedSite();
+ if (!$site) {
+ throw new ForbiddenHttpException('User not authorized to edit content in any sites.');
+ }
+ }
+
+ if ($strictSite) {
+ $siteId = $site->id;
+ $preferSites = null;
+ } else {
+ $siteId = Craft::$app->getSites()->getEditableSiteIds();
+ $preferSites = [$site->id];
+ }
 } else {
- $siteId = $sitesService->getEditableSiteIds();
- $preferSites = [$site->id];
+ $siteId = $preferSites = null;
 }
 // Loading an existing element?
@@ -1942,7 +1945,7 @@ private function _element(
 throw new ForbiddenHttpException('User not authorized to edit this element.');
 }
- if (!$strictSite && $element->siteId !== $site->id) {
+ if (!$strictSite && isset($site) && $element->siteId !== $site->id) {
 return $this->redirect($element->getCpEditUrl());
 }
@@ -1955,7 +1958,7 @@ private function _elementById(
 bool $checkForProvisionalDraft,
 string $elementType,
 User $user,
- int|array $siteId,
+ int|array|null $siteId,
 ?array $preferSites,
 ): ?ElementInterface {
 /** @var string|ElementInterface $elementType */
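Review bot: In the `@@ -1901,12 +1885,31 @@` hunk, the new outer `else` branch (`$siteId = $preferSites = null;`) skips both the site lookup and the `editSite:` permission check for every element type whose `isLocalized()` returns false, and a request-supplied `$this->_siteId` is then ignored without being validated. That looks intended for the user-slideout fix named in the changelog, but it leaves the element-level check later in `_element()` (presumably the one behind the 'User not authorized to edit this element.' throw visible in the next hunk) as the only authorization gate for those types. A comment on the branch would record that, for example `// Non-localized element types aren't tied to a site, so no editSite check applies; authorization relies on the element-level check later in this method.` Separately, the moved exception message still reads `"Invalid side ID: $this->_siteId"`, where `side` should be `site`. The body of `_element()` starts and ends outside this hunk, so the condition guarding that later throw could not be confirmed here.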
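Review bot: In the `@@ -1942,7 +1945,7 @@` hunk, `isset($site)` guards a variable that is only assigned inside the `if ($elementType::isLocalized())` branch added earlier in `_element()`, so the redirect's correctness depends on an implicit coupling that is easy to break when that branch is next edited. Initializing it up front with `$site = null;` before the localized check and testing `if (!$strictSite && $site !== null && $element->siteId !== $site->id) {` would make the non-localized case explicit and avoid a possibly-undefined-variable finding from static analysis. The surrounding `_element()` body starts and ends outside this hunk.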
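Review bot: In the `@@ -1955,7 +1958,7 @@` hunk, `int|array|null $siteId` widens the parameter without documenting what `null` means to the lookup; judging by the caller in `_element()`, it is passed when the element type is not localized. A docblock line such as `@param int|int[]|null $siteId Site ID(s) to search, or null when the element type is not localized` would record that contract. The body of `_elementById()` lies outside the hunk, so whether every use of `$siteId` inside it accepts null could not be checked here.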