Fixes octobercms#3315

Fixes octobercms#3315 by moving the manipulation of the filter widget scopes to the controller event method instead of before any part of the controller constructor method is run.
sajt · Dec 28, 2017 · 69e56b0 · 69e56b0
1 parent 7ffb79a
commit 69e56b0
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/modules/backend/controllers/Users.php b/modules/backend/controllers/Users.php
@@ -49,14 +49,6 @@ class Users extends Controller
      */
     public function __construct()
     {
-        $this->user = BackendAuth::getUser();
-        if (!$this->user->isSuperUser()) {
-            // Prevent non-superusers from even seeing the is_superuser filter
-            $this->listConfig = $this->makeConfig($this->listConfig);
-            $this->listConfig->filter = $this->makeConfig($this->listConfig->filter);
-            unset($this->listConfig->filter->scopes['is_superuser']);
-        }
-
         parent::__construct();
 
         if ($this->action == 'myaccount') {
@@ -76,6 +68,16 @@ public function listExtendQuery($query)
             $query->where('is_superuser', false);
         }
     }
+
+    /**
+     * Prevents non-superusers from even seeing the is_superuser filter
+     */
+    public function listFilterExtendScopes($filterWidget)
+    {
+        if (!$this->user->isSuperUser()) {
+            $filterWidget->removeScope('is_superuser');
+        }
+    }
 
     /**
      * Extends the form query to prevent non-superusers from accessing superusers at all