diff --git a/main/admin/user_list.php b/main/admin/user_list.php index b432f1f3c9..531a598956 100755 --- a/main/admin/user_list.php +++ b/main/admin/user_list.php @@ -304,14 +304,6 @@ function prepare_user_sql_query($getCount) } $keyword_extra_value = ''; - - // This block is never executed because $keyword_extra_data never exists - /* - if (isset($keyword_extra_data) && !empty($keyword_extra_data) && - !empty($keyword_extra_data_text)) { - $keyword_extra_value = " AND ufv.field_value LIKE '%".trim($keyword_extra_data_text)."%' "; - } - */ $sql .= " $query_admin_table WHERE ( u.firstname LIKE '".Database::escape_string("%".$keywordListValues['keyword_firstname']."%")."' AND @@ -341,10 +333,19 @@ function prepare_user_sql_query($getCount) } $preventSessionAdminsToManageAllUsers = api_get_setting('prevent_session_admins_to_manage_all_users'); + + $extraConditions = ''; if (api_is_session_admin() && $preventSessionAdminsToManageAllUsers === 'true') { - $sql .= ' AND u.creator_id = '.api_get_user_id(); + $extraConditions .= ' AND u.creator_id = '.api_get_user_id(); + } + + // adding the filter to see the user's only of the current access_url + if ($isMultipleUrl) { + $extraConditions .= ' AND url_rel_user.access_url_id = '.$urlId; } + $sql .= $extraConditions; + $variables = Session::read('variables_to_show', []); $extraFields = api_get_configuration_value('user_search_on_extra_fields'); @@ -400,20 +401,10 @@ function prepare_user_sql_query($getCount) } if (!empty($extraFieldHasData)) { - $urlKeywordCondition = ''; - if ($isMultipleUrl) { - $urlKeywordCondition .= ' AND u.id = url_rel_user.user_id AND url_rel_user.access_url_id = '.$urlId; - } - - $sql .= " OR (u.id IN ('".implode("','", $extraFieldResult)."') $urlKeywordCondition ) "; + $sql .= " OR (u.id IN ('".implode("','", $extraFieldResult)."') $extraConditions ) "; } } - // adding the filter to see the user's only of the current access_url - if ($isMultipleUrl) { - $sql .= ' AND url_rel_user.access_url_id = '.$urlId; - } - return $sql; }