Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Finding users - possible access inconsistencies #1552

Copy link
Copy link
Closed
@adrianbj

Description

@adrianbj
Issue body actions

Short description of the issue

I am not sure if the behavior I am seeing is a bug or expected, but the screenshots will clarify.

Expected behavior

I am not actually certain, but I think my main surprise is how $pages->findOne('id=2261') (as NON superuser) doesn't return the user, but $pages->findOne(2261) does return it. I assumed the check_access would be required whenever using $pages instead of $users.

I am also a little surprised about the difference where $users->get(13160) returns the trashed user, but $users->get('id=13160') doesn't.

Note that I often end up using $pages with check_access for a couple of reasons. The main one is to avoid returning trashed users (but maybe that's not necessary if I remember to always add the id= to the $users->get. The other reasons is to use findMany(), although that's not really relevant to this discussion.

Actual behavior

See the screenshots below. Note that there are 4 runs in total, two as a superuser and 2 as a non-superuser. And within those, one is a published user and the other is a trashed user.

Optional: Screenshots/Links that demonstrate the issue

RUN AS A SUPERUSER

Trashed User

image

Published User

image

RUN AS A NON SUPERUSER

Trashed User

image

Published User

image

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      Morty Proxy This is a proxified and sanitized view of the page, visit original site.