From 1e20e082fe355d822a98ccc467767ea02171e571 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 9 Nov 2021 18:36:04 +0100
Subject: [PATCH 1/3] FIX lost superadmin grade after edit user card !

---
 htdocs/user/card.php | 8 ++++++--
 htdocs/user/class/user.class.php | 4 +++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 8622e293906..cfa89120053 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -450,11 +450,15 @@ if (empty($reshook)) {
 	// Do we update also ->entity ?
 	if (!empty($conf->multicompany->enabled)) { // If multicompany is not enabled, we never update the entity of a user.
 		if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
-			$object->entity = 1; // all users are in master entity
+			if (GETPOST('superadmin', 'int') === 1) {
+				$object->entity = 0;
+			} else {
+				$object->entity = 1; // all users are in master entity
+			}
 		} else {
 			// A user should not be able to move a user into another entity. Only superadmin should be able to do this.
 			if ($user->entity == 0 && $user->admin) {
-				if (GETPOST("superadmin")) {
+				if (GETPOST('superadmin', 'int')) {
 					// We try to set the user as superadmin.
 					$object->entity = 0;
 				} else {
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 9540f082a4c..09bb34ddef3 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1773,7 +1773,9 @@ class User extends CommonObject
 			$sql .= ", salaryextra= ".($this->salaryextra != '' ? "'".$this->db->escape($this->salaryextra)."'" : "null");
 		}
 		$sql .= ", weeklyhours= ".($this->weeklyhours != '' ? "'".$this->db->escape($this->weeklyhours)."'" : "null");
-		$sql .= ", entity = ".((int) $this->entity);
+		if (!empty($user->admin) && empty($user->entity) && $user->id != $this->id) {
+			$sql .= ", entity = ".((int) $this->entity); // entity flag can be set/unset only by an another superadmin user
+		}
 		$sql .= ", default_range = ".($this->default_range > 0 ? $this->default_range : 'null');
 		$sql .= ", default_c_exp_tax_cat = ".($this->default_c_exp_tax_cat > 0 ? $this->default_c_exp_tax_cat : 'null');
 		$sql .= ", fk_warehouse = ".($this->fk_warehouse > 0 ? $this->fk_warehouse : "null");

From 5649e865c3e6cefa8e324769d663c1225a1125ef Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 9 Nov 2021 18:38:29 +0100
Subject: [PATCH 2/3] FIX wrong check

---
 htdocs/user/card.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index cfa89120053..dec885e11eb 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -450,7 +450,7 @@ if (empty($reshook)) {
 	// Do we update also ->entity ?
 	if (!empty($conf->multicompany->enabled)) { // If multicompany is not enabled, we never update the entity of a user.
 		if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
-			if (GETPOST('superadmin', 'int') === 1) {
+			if (GETPOST('superadmin', 'int')) {
 				$object->entity = 0;
 			} else {
 				$object->entity = 1; // all users are in master entity

From 5eff0e7a0c996a16bb5b2805f77bcec9bfb814c6 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Thu, 11 Nov 2021 17:48:23 +0100
Subject: [PATCH 3/3] FIX only a superadmin can modify entity

---
 htdocs/user/card.php | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)
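Review bot: The new guard around `entity = ...` silently drops the column from the UPDATE whenever the acting user is not a superadmin or is editing their own record, but nothing signals this to the caller, which has already assigned `$this->entity` as if the change would persist. Assuming `$user` is the acting-user parameter of update() (the method signature is outside the hunk), the contract is worth stating on the line and the typo fixed: `// Only another superadmin (admin with entity 0) may write the entity flag; for anyone else the stored value is kept.` Consider also emitting a dol_syslog debug entry when a submitted entity value is discarded here, so a "lost superadmin grade" report can be traced to this check rather than to the form. Keeping the authorization test at the persistence layer is the right place for it, since every caller of update() then gets the same protection.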
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index dec885e11eb..68218ab16bd 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -448,23 +448,15 @@ if (empty($reshook)) {
 	$object->lang = GETPOST('default_lang', 'aZ09');
 
 	// Do we update also ->entity ?
-	if (!empty($conf->multicompany->enabled)) { // If multicompany is not enabled, we never update the entity of a user.
-		if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
-			if (GETPOST('superadmin', 'int')) {
-				$object->entity = 0;
-			} else {
-				$object->entity = 1; // all users are in master entity
-			}
+	if (!empty($conf->multicompany->enabled && $user->entity == 0 && !empty($user->admin))) { // If multicompany is not enabled, we never update the entity of a user.
+		if (GETPOST('superadmin', 'int')) {
+			$object->entity = 0;
 		} else {
-			// A user should not be able to move a user into another entity. Only superadmin should be able to do this.
-			if ($user->entity == 0 && $user->admin) {
-				if (GETPOST('superadmin', 'int')) {
-					// We try to set the user as superadmin.
-					$object->entity = 0;
-				} else {
-					// We try to change the entity of user
-					$object->entity = (GETPOSTISSET('entity') ? GETPOSTINT('entity') : $object->entity);
-				}
+			if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
+				$object->entity = 1; // all users are in master entity
+			} else {
+				// We try to change the entity of user
+				$object->entity = (GETPOSTISSET('entity') ? GETPOSTINT('entity') : $object->entity);
 			}
 		}
 	}
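Review bot: The new condition puts the whole `&&` expression inside `!empty(...)`, which only works because `empty(false)` is true; it reads as if `$conf->multicompany->enabled` were the sole operand, and the inline comment still describes only the multicompany case rather than the superadmin gate this hunk introduces. Write it as `if (!empty($conf->multicompany->enabled) && empty($user->entity) && !empty($user->admin)) { // Only a superadmin (admin in entity 0) may change a user's entity; when multicompany is disabled the entity is never updated.` so the authorization intent is explicit and the superadmin test has the same shape as the `empty($user->entity)` check added to User::update() in patch 1. With this gate a non-superadmin leaves `$object->entity` at its loaded value, which lines up with User::update() no longer writing that column for them; a short comment noting that the two guards must stay in sync would help the next maintainer. The `if (empty($reshook))` block enclosing this code starts and ends outside the hunk.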