The issue
I'm trying to give a non-admin user permission to view and edit user attributes. In my test environment, I've created a group and given it the Edit user credentials and Edit user attributes permissions:
I've added my test user to the group and the Edit button now appears in the Controls dropdown on a user's profile page.
However, when the user clicks on the Edit button, they receive the following errors:
"You do not have permission to do that." displayed in the UI.
GET https://myw.adbo.co/flarum/public/api/criteria 403 (Forbidden)
The same behaviour is observed whether the non-admin user is trying to edit a non-admin user or an admin user. It's worth mentioning that an admin user can edit user attributes as expected. I believe that this was working in my production instance previously but has stopped, perhaps due to updates. Is there a permission I may be missing somewhere or is this a bug? Advice appreciated!
Flarum information
Flarum core: 1.8.5
PHP version: 8.3.3
MySQL version: 10.11.7-MariaDB-cll-lve
Loaded extensions: Core, date, libxml, openssl, pcre, sqlite3, zlib, bz2, calendar, ctype, curl, hash, filter, ftp, gettext, json, iconv, SPL, pcntl, random, readline, Reflection, session, standard, mbstring, shmop, SimpleXML, tokenizer, xml, i360, bcmath, dom, fileinfo, gd, geoip, grpc, imagick, intl, jsmin, exif, mcrypt, mysqlnd, mysqli, PDFlib, PDO, pdo_mysql, pdo_sqlite, Phar, posix, soap, sockets, sodium, xmlreader, xmlrpc, xmlwriter, xsl, zip, clos_ssa, Zend OPcache
+-------------------------------------+------------+--------+
| Flarum Extensions | | |
+-------------------------------------+------------+--------+
| ID | Version | Commit |
+-------------------------------------+------------+--------+
| flarum-flags | v1.8.0 | |
| askvortsov-auto-moderator | v0.1.3 | |
| afrux-forum-widgets-core | v0.1.7 | |
| flarum-tags | v1.8.0 | |
| flarum-suspend | v1.8.1 | |
| fof-impersonate | 1.1.1 | |
| flarum-approval | v1.8.1 | |
| flamarkt-backoffice | 0.1.3 | |
| v17development-user-badges | v1.1.0 | |
| v17development-seo | v1.8.1 | |
| the-turk-flamoji | 1.0.4 | |
| nearata-prevent-double-posting | 1.1.0 | |
| justoverclock-users-map-location | 0.1.6 | |
| justoverclock-first-visit-indexpage | 0.1.2 | |
| justoverclock-events-countdown | 0.1.8 | |
| justoverclock-country-flags | 1.0.0 | |
| ianm-synopsis | dev-master | |
| fof-user-directory | 1.3.3 | |
| fof-user-bio | 1.3.2 | |
| fof-upload | 1.5.4 | |
| fof-split | 1.1.1 | |
| fof-share-social | 1.2.0 | |
| fof-nightmode | 1.5.3 | |
| fof-moderator-notes | 1.2.2 | |
| fof-merge-discussions | 1.4.1 | |
| fof-geoip | 1.4.2 | |
| fof-formatting | 1.0.3 | |
| fof-filter | 1.1.3 | |
| fof-byobu | 1.3.6 | |
| flarumite-simple-discussion-views | 1.2.2 | |
| flarum-subscriptions | v1.8.0 | |
| flarum-sticky | v1.8.0 | |
| flarum-statistics | v1.8.0 | |
| flarum-nicknames | v1.8.0 | |
| flarum-mentions | v1.8.3 | |
| flarum-markdown | v1.8.0 | |
| flarum-lock | v1.8.0 | |
| flarum-likes | v1.8.0 | |
| flarum-lang-english | v1.8.0 | |
| flarum-emoji | v1.8.0 | |
| flarum-bbcode | v1.8.0 | |
| datlechin-usercard-uid | v0.1.1 | |
| datlechin-link-preview | v1.5.0 | |
| darkle-fancybox | 1.1.3 | |
| clarkwinkelmann-post-stream-search | 1.1.0 | |
| clarkwinkelmann-first-post-approval | 1.0.1 | |
| clarkwinkelmann-author-change | 1.0.3 | |
| askvortsov-moderator-warnings | dev-master | |
| askvortsov-discussion-templates | v0.8.3 | |
| afrux-top-posters-widget | dev-main | |
| afrux-news-widget | v0.1.1 | |
| afrux-forum-stats-widget | v0.1.1 | |
| acpl-mobile-tab | 1.4.2 | |
+-------------------------------------+------------+--------+
Base URL: https://myw.adbo.co/flarum/public
Installation path: /home/girlguid/domains/adbo.co/public_html/myw/flarum
Queue driver: sync
Session driver: file
Mail driver: mail
Debug mode: off
