From 412a1e14531c91dd2a2d4dd64d61d070d1467661 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20NASSIET?= <109105553+comaiteseb@users.noreply.github.com>
Date: Fri, 3 Mar 2023 18:26:00 +0100
Subject: [PATCH 1/2] FIX impossible to edit user if you are admin Line 128 surcharged the line 111 even if you ard admin ou user->user->write. So I was impossible to update user card if it was not yours...
---
htdocs/user/card.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 08c2defd546..af1e198dcc3 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -125,7 +125,7 @@ if ($user->id != $id && !$canreaduser) {
 // Define value to know what current user can do on properties of edited user
 if ($id > 0) {
 // $user is the current logged user, $id is the user we want to edit
- $canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")); // can edit myself
+ $canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")) || (!empty($user->admin) || $user->hasRight("user", "user", "write")); // can edit myself
 $caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write")));
 $caneditpassword = ((($user->id == $id) && $user->hasRight("user", "self", "password")) || (($user->id != $id) && $user->hasRight("user", "user", "password")));
 }
From 39ddd5368e939c4d04344511a1cf5c0df41756a7 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 4 Mar 2023 15:02:04 +0100
Subject: [PATCH 2/2] Update card.php
---
htdocs/user/card.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index af1e198dcc3..2a6b8a813be 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -125,7 +125,7 @@ if ($user->id != $id && !$canreaduser) {
 // Define value to know what current user can do on properties of edited user
 if ($id > 0) {
 // $user is the current logged user, $id is the user we want to edit
- $canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")) || (!empty($user->admin) || $user->hasRight("user", "user", "write")); // can edit myself
+ $canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write"));
 $caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write")));
 $caneditpassword = ((($user->id == $id) && $user->hasRight("user", "self", "password")) || (($user->id != $id) && $user->hasRight("user", "user", "password")));
 }
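Review bot: The rewritten `$canedituser` assignment no longer mentions `$user->admin`, so whether an administrator can edit another user's card (the case the series title describes) now depends on `hasRight("user", "user", "write")` being true for admins, which is not visible in this hunk. The expression is also now the same condition as `$caneditfield` on the following line, so two authorization flags are maintained as duplicated expressions that can drift apart; `$caneditfield = $canedituser;` would keep them tied, or a comment should say why they are computed separately. Since the description says this line overrides an earlier assignment (line 111, outside the hunk), I would add a comment above it such as `// Overrides the earlier default when $id > 0: self needs user/self/write, other users need user/user/write; admin is not special-cased here`. The `==` and `!=` comparisons of `$user->id` with `$id` are loose; if `$id` is not already cast to int where it is read (outside this hunk), comparing `(int) $user->id === (int) $id` would be safer for an access decision.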