We’ve recently upgraded to version 3.5.1 on a self-hosted installation and are since seeing the following problems:
A) When switching to a user that does not have the is_admin flag, one can no longer switch back to any other user-account since all links in the drop-down now point to settings/user_details
B) Some users cannot be switched to and we’re unable to figure out why that is the case. Some of them have the is_admin flag set, some do not, some have a permissions value of 7, others of 0. All are confirmed.
Regarding point B, is there anything we can check in the database to see why some account can be switched to while others can’t? There’s not information in the various logs (but I don’t really know how to enable debug mode either).
Any help is much appreciated. We have several accounts on our installation and some people are unable to switch to any of them but the primary one.
I upgraded from 2.8.1.
When I change the check to true as mentioned, I now see the links in the drop-down, but I get a “Unauthorized.” as a response.
But I saw that this code hasn’t changed from 2.8.1 and I think this issue is secondary. It probably didn’t work before either, but maybe nobody bothered that they could lock themselves out of account switching (or someone changed someone else’s permissions for one of their accounts from admin to non-admin).
However, the fact that I’m unable to change to some accounts is more of a problem – and a total mystery – to us. Users report that they were able to switch to those accounts in 2.8.1. and I can see them in the user_accounts table tied to they primary accounts.
Since I’m unfamiliar with the invoiceninja/Laravel code-base, debugging from scratch will be difficult for me, but if you could point me at the code that handles account switching, maybe I would manage to dump some state/variables that would explain why some accounts can be switched to while other can’t.
This is where the route is defined:
About 6 lines up you can see this section requires admin permissions.