Skip to content

Fixed userResource request to get all users#18105

Merged
Migaroez merged 1 commit intov13/devfrom
v13/bugfix/retrieve-users-into-backoffice
Feb 11, 2025
Merged

Fixed userResource request to get all users#18105
Migaroez merged 1 commit intov13/devfrom
v13/bugfix/retrieve-users-into-backoffice

Conversation

@AndyButland
Copy link
Contributor

@AndyButland AndyButland commented Jan 24, 2025

Prerequisites

  • I have added steps to test this contribution in the description below

Fixes: #12471

Description

This PR fixes the request usersResource.getUsers that you can issue from the backoffice in angularjs. It's not actually used in the backoffice code, but could be used in packages or custom backoffice extensions.

There were two issues:

  • The model binding of the request wasn't correct. I've aligned it with similar GetByIds requests in other controllers so it works now.
  • The authentication wasn't correctly checking the querystring value for ensuring that only admin users can retrieve admin user details.

To Test:

  • Throw the following code in somewhere where you have or have added an injected userResource:
      usersResource.getUsers([-1]).then(function (data) {
        console.log(data);
      })
  • Check that it works correctly for an admin user but doesn't for a non-admin one.

@AndyButland AndyButland changed the title Fixed userResource request to get all users. Fixed userResource request to get all users Jan 24, 2025
@AndyButland AndyButland requested a review from Migaroez February 7, 2025 12:52
Migaroez
Migaroez approved these changes Feb 11, 2025
View reviewed changes
Copy link
Contributor

@Migaroez Migaroez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works as expected, code looks good and can't find any issues with the added requirement as the Handler early returns when the query string does not contain the specified parameter and there are no methods that use the policy where the "ids" parameter is used in a different way.

@Migaroez Migaroez merged commit 048f8bc into v13/dev Feb 11, 2025
19 of 20 checks passed
@Migaroez Migaroez deleted the v13/bugfix/retrieve-users-into-backoffice branch February 11, 2025 16:06
@AndyButland AndyButland mentioned this pull request Feb 17, 2025
Closed
@dependabot dependabot bot mentioned this pull request Jul 29, 2025
Closed
@dependabot dependabot bot mentioned this pull request Aug 5, 2025
Closed
@dependabot dependabot bot mentioned this pull request Aug 26, 2025
Closed
This was referenced Sep 30, 2025
Closed
Closed
Closed
@dependabot dependabot bot mentioned this pull request Oct 13, 2025
Closed
@dependabot dependabot bot mentioned this pull request Dec 9, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Migaroez Migaroez Migaroez approved these changes

Assignees

No one assigned

Labels

area/backend area/frontend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AndyButland @Migaroez