From f75d0829d1a98e2c686beb89d993df5ac824883f Mon Sep 17 00:00:00 2001
From: iglocska
Date: Tue, 18 Jan 2022 17:52:59 +0100
Subject: [PATCH] fix: [user edit] fixed for non admins
---
 src/Controller/UsersController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index a5065db..9ffb2fe 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -7,6 +7,7 @@ use Cake\Utility\Text;
 use Cake\ORM\TableRegistry;
 use \Cake\Database\Expression\QueryExpression;
 use Cake\Http\Exception\UnauthorizedException;
+use Cake\Http\Exception\MethodNotAllowedException;
 use Cake\Core\Configure;
 class UsersController extends AppController
@@ -100,11 +101,10 @@ class UsersController extends AppController
 if (empty($id)) {
 $id = $currentUser['id'];
 } else {
+ $id = intval($id);
 if ((empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
 if ($id !== $currentUser['id']) {
 throw new MethodNotAllowedException(__('You are not authorised to edit that user.'));
- } else {
- $id = $currentUser['id'];
 }
 }
 }
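Review bot: The ownership check `$id !== $currentUser['id']` is type-strict, and the added `intval($id)` makes only the left side an integer. If the identity array carries the id as a string, every non-admin request with an explicit id is rejected, so normalising both sides is safer: `if ($id !== intval($currentUser['id'])) {`. An authorisation failure is also better reported as 403 than 405, for example with `Cake\Http\Exception\ForbiddenException` instead of `MethodNotAllowedException`. Within this hunk a user with `perm_org_admin` skips the check entirely, so unless code outside the hunk restricts the target to the caller's own organisation, an org admin can select any user id. The enclosing method starts and ends outside the hunk, so that scoping should be confirmed there.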