Only admins and hrm users can search for global users.

Author: jmontoyaa

main/inc/ajax/user_manager.ajax.php

@@ -14,23 +14,23 @@
 
 switch ($action) {
     case 'get_user_like':
-        api_block_anonymous_users(false);
-
-        $query = $_REQUEST['q'];
-        $conditions = [
-            'username' => $query,
-            'firstname' => $query,
-            'lastname' => $query,
-        ];
-        $users = UserManager::getUserListLike($conditions, [], false, 'OR');
-        $result = [];
-        if (!empty($users)) {
-            foreach ($users as $user) {
-                $result[] = ['id' => $user['id'], 'text' => $user['complete_name'].' ('.$user['username'].')'];
+        if (api_is_platform_admin() || api_is_drh()) {
+            $query = $_REQUEST['q'];
+            $conditions = [
+                'username' => $query,
+                'firstname' => $query,
+                'lastname' => $query,
+            ];
+            $users = UserManager::getUserListLike($conditions, [], false, 'OR');
+            $result = [];
+            if (!empty($users)) {
+                foreach ($users as $user) {
+                    $result[] = ['id' => $user['id'], 'text' => $user['complete_name'].' ('.$user['username'].')'];
+                }
+                $result['items'] = $result;
             }
-            $result['items'] = $result;
+            echo json_encode($result);
         }
-        echo json_encode($result);
         break;
     case 'get_user_popup':
         $courseId = isset($_REQUEST['course_id']) ? (int) $_REQUEST['course_id'] : 0;