diff --git a/administrator/components/com_users/src/Controller/UserController.php b/administrator/components/com_users/src/Controller/UserController.php
index 2b29efc30708a..7015d435a9577 100644
--- a/administrator/components/com_users/src/Controller/UserController.php
+++ b/administrator/components/com_users/src/Controller/UserController.php
@@ -53,6 +53,12 @@ protected function allowEdit($data = array(), $key = 'id')
}
}
+ // Allow users to edit their own account
+ if (isset($data[$key]) && (int) $this->app->getIdentity()->id === (int) $data[$key])
+ {
+ return true;
+ }
+
return parent::allowEdit($data, $key);
}
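Review bot: The self-edit shortcut compares two integer casts without requiring a positive id, so it also returns true when both sides evaluate to 0, for example an identity with id 0 together with a `$data[$key]` that is `0` or a non-numeric string. The same comparison appears in `Dispatcher::checkAccess()` in this commit, where `$this->input->getInt('id')` presumably yields 0 when the parameter is absent. Whether an identity with id 0 can reach either path is not visible here, but the guard is cheap: take `$userId = (int) $this->app->getIdentity()->id;` and test `$userId > 0 && isset($data[$key]) && $userId === (int) $data[$key]`. This branch also grants edit on the whole record, so confirm that group assignment, block and similar privileged fields are filtered server-side for self-edits; that code is not part of this hunk. `allowEdit()` begins above the hunk.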
@@ -85,6 +91,38 @@ public function cancel($key = null)
return $result;
}
+ /**
+ * Override parent save to redirect when using status edit account.
+ *
+ * @param string $key The name of the primary key of the URL variable.
+ * @param string $urlVar The name of the URL variable if different from the primary key (sometimes required to avoid router collisions).
+ *
+ * @return boolean True if successful, false otherwise.
+ *
+ * @since __DEPLOY_VERSION__
+ */
+ public function save($key = null, $urlVar = null)
+ {
+ $result = parent::save($key, $urlVar);
+
+ $task = $this->getTask();
+
+ if ($task === 'save' && $return = $this->input->get('return', '', 'BASE64'))
+ {
+ $return = base64_decode($return);
+
+ // Don't redirect to an external URL.
+ if (!Uri::isInternal($return))
+ {
+ $return = Uri::base();
+ }
+
+ $this->setRedirect($return);
+ }
+
+ return $result;
+ }
+
/**
* Method to run batch operations.
*
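Review bot: The redirect to the decoded `return` value is applied even when `parent::save()` returned false, which replaces whatever redirect the parent set for the failure case and presumably sends the user away from the form that failed validation. Gating it on the result leaves the failure path untouched: `if ($result && $task === 'save' && $return = $this->input->get('return', '', 'BASE64'))`. The `Uri::isInternal()` check before `setRedirect()` is the right control against an open redirect, but the `use` line for `Uri` is not in this hunk, so confirm the class is imported in this file. The docblock summary `when using status edit account` would read more clearly as `Redirect to the URL given in the return parameter after a successful save`.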
diff --git a/administrator/components/com_users/src/Dispatcher/Dispatcher.php b/administrator/components/com_users/src/Dispatcher/Dispatcher.php
new file mode 100644
index 0000000000000..55d0cb0308ef0
--- /dev/null
+++ b/administrator/components/com_users/src/Dispatcher/Dispatcher.php
@@ -0,0 +1,51 @@
+
+ * @license GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+namespace Joomla\Component\Users\Administrator\Dispatcher;
+
+\defined('_JEXEC') or die;
+
+use Joomla\CMS\Dispatcher\ComponentDispatcher;
+
+/**
+ * ComponentDispatcher class for com_users
+ *
+ * @since __DEPLOY_VERSION__
+ */
+class Dispatcher extends ComponentDispatcher
+{
+ /**
+ * Override checkAccess to allow users edit profile without having to have core.manager permission
+ *
+ * @return void
+ *
+ * @since __DEPLOY_VERSION__
+ */
+ protected function checkAccess()
+ {
+ $task = $this->input->getCmd('task');
+ $view = $this->input->getCmd('view');
+ $layout = $this->input->getCmd('layout');
+ $allowedTasks = ['user.edit', 'user.apply', 'user.save', 'user.cancel'];
+
+ // Allow users to edit their own account
+ if (in_array($task, $allowedTasks, true) || ($view === 'user' && $layout === 'edit'))
+ {
+ $user = $this->app->getIdentity();
+ $id = $this->input->getInt('id');
+
+ if ((int) $user->id === $id)
+ {
+ return;
+ }
+ }
+
+ parent::checkAccess();
+ }
+}
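Review bot: The docblock on `checkAccess()` names `core.manager`, while the component-level action is `core.manage`, and it does not say what still protects the record once this check is skipped. The early `return` bypasses `parent::checkAccess()` purely because the request `id` matches the current user, so the comment should state where record-level authorisation happens, e.g. `// Skips only the component-level core.manage check; UserController::allowEdit() still decides per record.` It would also help to note next to `$allowedTasks` that any task added to the list becomes reachable by every backend user for their own id.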
diff --git a/administrator/components/com_users/src/View/User/HtmlView.php b/administrator/components/com_users/src/View/User/HtmlView.php
index 79b345883e2f7..8c67309df88fe 100644
--- a/administrator/components/com_users/src/View/User/HtmlView.php
+++ b/administrator/components/com_users/src/View/User/HtmlView.php
@@ -144,7 +144,7 @@ protected function addToolbar()
$toolbarButtons = [];
- if ($canDo->get('core.edit') || $canDo->get('core.create'))
+ if ($canDo->get('core.edit') || $canDo->get('core.create') || $isProfile)
{
ToolbarHelper::apply('user.apply');
$toolbarButtons[] = ['save', 'user.save'];
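Review bot: `$isProfile` is read in the new condition but is assigned outside this hunk, so the reader cannot tell what it is derived from. If it is not already documented where it is set, a comment such as `// $isProfile: the record being edited belongs to the current user` would help, and the value should come from comparing the identity with the loaded item rather than from a request parameter. The toolbar only controls which buttons are shown; the permission decision for `user.apply` and `user.save` has to be made in the controller. `addToolbar()` starts and ends outside the hunk.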
diff --git a/administrator/modules/mod_user/tmpl/default.php b/administrator/modules/mod_user/tmpl/default.php
index 55c65ea1447d7..e8d4e27066434 100644
--- a/administrator/modules/mod_user/tmpl/default.php
+++ b/administrator/modules/mod_user/tmpl/default.php
@@ -37,12 +37,12 @@
name); ?>
- id . '&return=' . base64_encode($uri) . '#attrib-user_details'; ?>
+ id . '&return=' . base64_encode($uri) . '#attrib-user_details'; ?>
- id . '&return=' . base64_encode($uri) . '#attrib-accessibility'; ?>
+ id . '&return=' . base64_encode($uri) . '#attrib-accessibility'; ?>