Merge branch 'v3' of https://github.com/craftcms/cms into develop

# Conflicts: # CHANGELOG.md # composer.json # composer.lock
craftcms · May 23, 2023 · 2362dcc · 2362dcc
2 parents 817584b + 38e5bc7
commit 2362dcc
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 157 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,8 @@
 - Fixed a bug where `craft\web\View::registerTwigExtension()` could throw an exception if Twig was already initialized. ([#13208](https://github.com/craftcms/cms/issues/13208))
 - Fixed a bug where entries mutated via GraphQL weren’t becoming globally enabled if `enabled` was set to `true`. ([#13214](https://github.com/craftcms/cms/pull/13214))
 - Fixed a styling issue with “Post Date” and “Expiry Date” fields. ([#13216](https://github.com/craftcms/cms/issues/13216))
+- Removed the OAuth 2.0 Client library, as it’s no longer used in core.
+- Fixed a bug where activation emails sent to newly-created users could link to the front-end site, if they were granted control panel access via a user group. ([#13204](https://github.com/craftcms/cms/issues/13204))
 - Fixed two XSS vulnerabilities.
 
 ## 4.4.11 - 2023-05-15

diff --git a/composer.json b/composer.json
@@ -36,15 +36,13 @@
     "ext-zip": "*",
     "commerceguys/addressing": "^1.2",
     "composer/composer": "2.2.19",
-    "craftcms/oauth2-craftid": "~1.0.0",
     "craftcms/plugin-installer": "~1.6.0",
     "craftcms/server-check": "~2.1.2",
     "creocoder/yii2-nested-sets": "~0.9.0",
     "elvanto/litemoji": "^4.3.0",
     "enshrined/svg-sanitize": "~0.16.0",
     "guzzlehttp/guzzle": "^7.2.0",
     "illuminate/collections": "^9.1.0",
-    "league/oauth2-client": "^2.6.0",
     "mikehaertl/php-shellcommand": "^1.6.3",
     "moneyphp/money": "^4.0",
     "monolog/monolog": "^2.3",
@@ -85,7 +83,6 @@
     "yii2tech/ar-softdelete": "1.0.4"
   },
   "conflict": {
-    "league/oauth2-client": "2.4.0",
     "webonyx/graphql-php": "14.11.7"
   },
   "suggest": {

diff --git a/composer.lock b/composer.lock
diff --git a/src/controllers/UsersController.php b/src/controllers/UsersController.php
@@ -1524,8 +1524,8 @@ public function actionSaveUser(): ?Response
                 }
 
                 // Assign user groups and permissions if the current user is allowed to do that
-                $this->_saveUserPermissions($user, $currentUser);
                 $this->_saveUserGroups($user, $currentUser);
+                $this->_saveUserPermissions($user, $currentUser);
 
                 // Fire an 'afterAssignGroupsAndPermissions' event
                 if ($this->hasEventHandlers(self::EVENT_AFTER_ASSIGN_GROUPS_AND_PERMISSIONS)) {