diff --git a/INSTALL/INSTALL.md b/INSTALL/INSTALL.md
index 8e18f2c..679c660 100644
--- a/INSTALL/INSTALL.md
+++ b/INSTALL/INSTALL.md
@@ -32,13 +32,13 @@ sudo add-apt-repository ppa:ondrej/php
 - for apache
 ```bash
-sudo apt install apache2 mariadb-server git php8.2-intl php8.2-mbstring php8.2-dom php8.2-xml unzip php8.2-ldap php8.2-sqlite3 ph8.2p-curl sqlite libapache2-mod-php php8.2-mysql
+sudo apt install apache2 mariadb-server git php8.2 php8.2-intl php8.2-mbstring php8.2-dom php8.2-xml unzip php8.2-ldap php8.2-sqlite3 php8.2-curl sqlite libapache2-mod-php php8.2-mysql
 ```
 - for nginx
 ```bash
-sudo apt install nginx mariadb-server git php8.2-intl php8.2-mbstring php8.2-dom php8.2-xml unzip php8.2-ldap php8.2-sqlite3 ph8.2p-curl sqlite php8.2-mysql
+sudo apt install nginx mariadb-server git php8.2 php8.2-intl php8.2-mbstring php8.2-dom php8.2-xml unzip php8.2-ldap php8.2-sqlite3 php8.2-curl sqlite php8.2-mysql
 ```
@@ -48,7 +48,6 @@ Install composer:
 ~~~bash
 cd
 php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
 php composer-setup.php
 php -r "unlink('composer-setup.php');"
 sudo mv composer.phar /usr/local/bin/composer
diff --git a/src/Controller/UserSettingsController.php b/src/Controller/UserSettingsController.php
index b6d8ecd..6bcd197 100644
--- a/src/Controller/UserSettingsController.php
+++ b/src/Controller/UserSettingsController.php
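Review bot: Deleting the `hash_file('sha384', ...)` line leaves the installer fetched from getcomposer.org running with no integrity check at all; the hardcoded digest goes stale whenever upstream republishes the installer, which is presumably why it was removed, but the remedy is to compare against the published checksum rather than to drop the comparison. Composer publishes the current digest at https://composer.github.io/installer.sig, so the removed line can be replaced, before `php composer-setup.php`, with `EXPECTED="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"`, `ACTUAL="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"` and `[ "$EXPECTED" = "$ACTUAL" ] || { echo 'Installer corrupt'; rm composer-setup.php; exit 1; }`. That keeps the install instructions verifying what they execute without needing a manual hash update on every release.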
@@ -100,21 +100,34 @@ class UserSettingsController extends AppController
 'id' => $id
 ])->first();
- if (!$this->isLoggedUserAllowedToEdit($entity)) {
- throw new NotFoundException(__('Invalid {0}.', 'user setting'));
+ $currentUser = $this->ACL->getUser();
+ $validUsers = [];
+ $individual_ids = [];
+ if (!$currentUser['role']['perm_admin']) {
+ if ($currentUser['role']['perm_org_admin']) {
+ $validUsers = $this->Users->find('list')->select(['id', 'username'])->order(['username' => 'asc'])->where(['organisation_id' => $currentUser['organisation']['id']])->all()->toArray();
+ } else {
+ $validUsers = [$currentUser['id'] => $currentUser['username']];
+ }
+ } else {
+ $validUsers = $this->Users->find('list')->select(['id', 'username'])->order(['username' => 'asc'])->all()->toArray();
 }
 $entity = $this->CRUD->edit($id, [
- 'redirect' => ['action' => 'index', $entity->user_id]
+ 'redirect' => ['action' => 'index', $entity->user_id],
+ 'beforeSave' => function ($data) use ($validUsers) {
+ if (!in_array($data['user_id'], array_keys($validUsers))) {
+ throw new MethodNotAllowedException(__('You cannot edit the given user.'));
+ }
+ return $data;
+ }
 ]);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
 return $responsePayload;
 }
 $dropdownData = [
- 'user' => $this->UserSettings->Users->find('list', [
- 'sort' => ['username' => 'asc']
- ])->toArray(),
+ 'user' => $validUsers,
 ];
 $this->set(compact('dropdownData'));
 $this->set('user_id', $this->entity->user_id);
@@ -259,8 +272,9 @@ class UserSettingsController extends AppController
 if (empty($setting)) {
 return false;
 }
+ } else {
+ $isAllowed = $setting->user_id == $currentUser->id;
 }
- $isAllowed = $setting->user_id == $currentUser->id;
 }
 return $isAllowed;
 }
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 95db80a..574d344 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
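Review bot: The removed `isLoggedUserAllowedToEdit($entity)` guard is not fully replaced: the new `beforeSave` closure only checks the `user_id` submitted in `$data`, while the setting loaded by `$id` on the lines above is never compared against `$validUsers`, so neither the rendered form nor the row actually being saved is tied to the current user's scope. Restore the check on the loaded row before `$this->CRUD->edit(...)`, e.g. `if (!isset($validUsers[$entity->user_id])) { throw new NotFoundException(__('Invalid {0}.', 'user setting')); }`. Inside the closure, `in_array($data['user_id'], array_keys($validUsers))` is a loose comparison and emits a notice when `user_id` is absent from the payload; `if (!isset($validUsers[$data['user_id'] ?? '']))` is stricter and avoids building the key array. `$individual_ids = [];` is never read in this hunk and can be dropped. The enclosing edit action starts before this hunk and continues after it.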
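Review bot: After this change the branch in which `$setting` is non-empty no longer assigns `$isAllowed` and returns whatever value it held before the hunk, which is outside this view; if a found setting is meant to be allowed, an explicit `$isAllowed = true;` right after the `empty($setting)` check would state that rather than rely on earlier state. The moved comparison `$setting->user_id == $currentUser->id` is loose; if both sides are integers, `===` avoids type-juggling surprises. The enclosing method starts before this hunk.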
@@ -74,7 +74,11 @@ class UsersController extends AppController
 } else {
 $validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
 }
- $defaultRole = $this->Users->Roles->find()->select(['id'])->where(['is_default' => true])->first()->toArray();
+ $defaultRole = $this->Users->Roles->find()->select(['id'])->where(['is_default' => true])->first();
+ if (empty($defaultRole)) {
+ $defaultRole = $this->Users->Roles->find()->select(['id'])->first();
+ }
+ $defaultRole = $defaultRole->toArray();
 $individuals = $this->Users->Individuals->find('list', $individuals_params)->toArray();
 $this->CRUD->add([
 'beforeMarshal' => function($data) {
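Review bot: The fallback `->find()->select(['id'])->first()` takes whichever role the database returns first, with no `order()` and no filter, so when no role is flagged `is_default` new users are silently given an arbitrary role; roles evidently carry `perm_admin`/`perm_org_admin` flags (see the UserSettingsController hunk), so that arbitrary role may be a privileged one. Prefer failing loudly when no default is configured, or at least constrain the fallback, e.g. `->where(['perm_admin' => false, 'perm_org_admin' => false])->order(['id' => 'asc'])->first()`. The trailing `$defaultRole->toArray()` still dereferences `null` when the Roles table is empty, so guard it with `if (empty($defaultRole)) { throw /* the controller's usual exception with a clear message */; }` before the call. The enclosing add action starts before this hunk and continues after it.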