From cc685141e979e55f1f39cfcca765e14742cb85f1 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 21 Apr 2016 17:19:28 +0200 Subject: [PATCH 1/9] fix wrong variable name --- SeedDMS_Core/Core/inc.ClassDocument.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SeedDMS_Core/Core/inc.ClassDocument.php b/SeedDMS_Core/Core/inc.ClassDocument.php index 349b911a3..864a0d913 100644 --- a/SeedDMS_Core/Core/inc.ClassDocument.php +++ b/SeedDMS_Core/Core/inc.ClassDocument.php @@ -3169,7 +3169,7 @@ class SeedDMS_Core_DocumentContent extends SeedDMS_Core_Object { /* {{{ */ if ($u->getID() == $owner->getID()) return M_READ; /* Read/Write access on the document will also grant access on the version */ - if($this->_document->getAccessMode($user) >= M_READWRITE) return M_READ; + if($this->_document->getAccessMode($u) >= M_READWRITE) return M_READ; /* At this point the current status is in the list of status without read access. * The only way to still gain read access is, if the user is involved in the From 823e7bf76ec3890d5038facc71a83ef74d9913ab Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 21 Apr 2016 17:19:58 +0200 Subject: [PATCH 2/9] better handling of access rights if advanced access rights are turn off check_view_access() returns true for admins and false otherwise --- inc/inc.ClassAccessOperation.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/inc/inc.ClassAccessOperation.php b/inc/inc.ClassAccessOperation.php index b350e8b69..d5e2d5732 100644 --- a/inc/inc.ClassAccessOperation.php +++ b/inc/inc.ClassAccessOperation.php 
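Review bot: The corrected call `$this->_document->getAccessMode($u)` is right, but the defect it removes (evaluating a different variable than the user being checked) is one that silently widens read access on a version, and nothing in this series pins the fixed behaviour. A regression test in which a user who is neither the owner, nor holds M_READWRITE on the document, nor is involved in the version's workflow is refused M_READ on a version whose status is in the no-read list would catch a recurrence. The enclosing getAccessMode() of SeedDMS_Core_DocumentContent starts and ends outside the hunk, so whether `$user` was ever defined in that scope cannot be confirmed from the diff.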
@@ -360,8 +360,12 @@ class SeedDMS_AccessOperation { * no specific access right is set, otherwise false */ function check_view_access($view, $get=array()) { /* {{{ */ - if(!$this->settings->_advancedAcl) - return true; + if(!$this->settings->_advancedAcl) { + if($this->user->isAdmin()) + return true; + else + return false; + } if(is_string($view)) { $scripts = array($view); } elseif(is_array($view)) { From e1926ed2176929cd8b572f56626ad6df57b8fe65 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Apr 2016 08:21:18 +0200 Subject: [PATCH 3/9] add more documentation --- inc/inc.ClassAccessOperation.php | 7 +++++-- inc/inc.ClassViewCommon.php | 8 ++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/inc/inc.ClassAccessOperation.php b/inc/inc.ClassAccessOperation.php index d5e2d5732..cd6acdbca 100644 --- a/inc/inc.ClassAccessOperation.php +++ b/inc/inc.ClassAccessOperation.php @@ -348,14 +348,17 @@ class SeedDMS_AccessOperation { * Check for access permission on view * * If the parameter $view is an array then each element is considered the - * name of a view and true will be returned if one is accessible. + * name of a view and true will be returned if one of them is accessible. * Whether access is allowed also depends on the currently logged in user * stored in the view object. If the user is an admin the access * on a view must be explicitly disallowed. For regular users the access * must be explicitly allowed. * + * If advanced access control is turn off, this function will always return + * true for admins and false for other users. + * * @param mixed $view Instanz of view, name of view or array of view names - * @param string $get query parameters + * @param string $get query parameters possible containing the element 'action' * @return boolean true if access is allowed, false if access is disallowed * no specific access right is set, otherwise false */ 
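Review bot: The new four-line `if/else` in check_view_access() collapses to `return $this->user->isAdmin();`, which also reads as the intended rule. More importantly, the default for non-admins flips from allow to deny whenever `_advancedAcl` is off; deny is the safer default, but any caller outside the admin views that relied on the old unconditional true will now be hidden or refused, and this series only adjusts the admin views, so the remaining callers should be reviewed. The method body continues past the hunk.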
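Review bot: The docblock still declares `@param string $get query parameters ...` although the signature is `$get=array()` and the added text describes an element 'action', so the type is wrong; it should read `@param array $get query parameters possibly containing the element 'action'`. Two wording slips in the added lines: "turn off" should be "turned off" and "possible containing" should be "possibly containing". The `@return` line predates this patch but remains self-contradictory ("false if access is disallowed no specific access right is set, otherwise false") and could be rewritten as `@return boolean true if access is allowed, false if it is disallowed or no specific right is set`.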
diff --git a/inc/inc.ClassViewCommon.php b/inc/inc.ClassViewCommon.php index c5d199a6b..42dab1cf2 100644 --- a/inc/inc.ClassViewCommon.php +++ b/inc/inc.ClassViewCommon.php @@ -171,10 +171,10 @@ class SeedDMS_View_Common { * Check if the access on the view with given name or the current view itself * may be accessed. * - * The function behaves differently for admins and other users. For admins - * a view must be explitly disallowed for this function to return false. - * For other users access on a view must be explicitly allow for the this - * function to return true. + * The function requires the parameter 'accessobject' to be available in the + * view, because it calls SeedDMS_AccessOperation::check_view_access() + * to check access rights. If the the optional $name is not set the + * current view is used. * * @param string|array $name name of view or list of view names * @return boolean true if access is allowed otherwise false From d63b36f3bfea9d3d575a55584ee44fc55d3cb5d7 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Apr 2016 08:21:44 +0200 Subject: [PATCH 4/9] no need to check explicitly for admin, check_view_access() is enough --- views/bootstrap/class.AdminTools.php | 42 ++++++++++++++-------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/views/bootstrap/class.AdminTools.php b/views/bootstrap/class.AdminTools.php index 8b92d3039..19a5619c2 100644 --- a/views/bootstrap/class.AdminTools.php +++ b/views/bootstrap/class.AdminTools.php @@ -47,33 +47,33 @@ class SeedDMS_View_AdminTools extends SeedDMS_Bootstrap_Style { ?>
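Review bot: The rewritten paragraph has a doubled word, "If the the optional $name is not set", and now describes only the mechanism (delegation to SeedDMS_AccessOperation::check_view_access()) while dropping the admin/regular-user rule the old text stated. A one-line pointer such as `* See SeedDMS_AccessOperation::check_view_access() for how admins and other users are treated.` keeps the contract discoverable from the view side without duplicating it.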
-check_view_access('UsrMgr') || $user->isAdmin()) { ?> +check_view_access('UsrMgr')) { ?>
-check_view_access('GroupMgr') || $user->isAdmin()) { ?> +check_view_access('GroupMgr')) { ?>
-check_view_access('RoleMgr') || $user->isAdmin()) { ?> +check_view_access('RoleMgr')) { ?>
-check_view_access('BackupTools') || $user->isAdmin()) { ?> +check_view_access('BackupTools')) { ?>
check_view_access('LogManagement') || $user->isAdmin())) + if ($logfileenable && ($accessop->check_view_access('LogManagement'))) echo "
".getMLText("log_management")."
"; ?>
-check_view_access('DefaultKeywords') || $user->isAdmin()) { ?> +check_view_access('DefaultKeywords')) { ?>
-check_view_access('Categories') || $user->isAdmin()) { ?> +check_view_access('Categories')) { ?>
-check_view_access('AttributeMgr') || $user->isAdmin()) { ?> +check_view_access('AttributeMgr')) { ?>
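Review bot: Dropping `|| $user->isAdmin()` from every menu condition makes the admin-tools menu a pure reflection of check_view_access(), which only hides links; the target views (UsrMgr, GroupMgr, RoleMgr and the rest) must still run the same check themselves, because the URLs stay reachable when a link is hidden, and this series only adjusts rendering in four of them. The LogManagement line carries a redundant pair of parentheses: `if ($logfileenable && $accessop->check_view_access('LogManagement'))` is equivalent to the form in the hunk. The same change recurs in the hunks `@@ -81,13 +81,13 @@`, `@@ -96,13 +96,13 @@` and `@@ -110,27 +110,27 @@`, and show() begins and ends outside all of them.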
@@ -81,13 +81,13 @@ class SeedDMS_View_AdminTools extends SeedDMS_Bootstrap_Style { if($this->params['workflowmode'] == 'advanced') { ?>
-check_view_access('WorkflowMgr') || $user->isAdmin()) { ?> +check_view_access('WorkflowMgr')) { ?>
-check_view_access('WorkflowStatesMgr') || $user->isAdmin()) { ?> +check_view_access('WorkflowStatesMgr')) { ?>
-check_view_access('WorkflowActionsMgr') || $user->isAdmin()) { ?> +check_view_access('WorkflowActionsMgr')) { ?>
@@ -96,13 +96,13 @@ class SeedDMS_View_AdminTools extends SeedDMS_Bootstrap_Style { if($enablefullsearch) { ?>
-check_view_access('Indexer') || $user->isAdmin()) { ?> +check_view_access('Indexer')) { ?>
-check_view_access('CreateIndex') || $user->isAdmin()) { ?> +check_view_access('CreateIndex')) { ?>
-check_view_access('IndexInfo') || $user->isAdmin()) { ?> +check_view_access('IndexInfo')) { ?>
@@ -110,27 +110,27 @@ class SeedDMS_View_AdminTools extends SeedDMS_Bootstrap_Style { } ?>
-check_view_access('Statistic') || $user->isAdmin()) { ?> +check_view_access('Statistic')) { ?>
-check_view_access('Charts') || $user->isAdmin()) { ?> +check_view_access('Charts')) { ?>
-check_view_access('ObjectCheck') || $user->isAdmin()) { ?> +check_view_access('ObjectCheck')) { ?>
-check_view_access('Timeline') || $user->isAdmin()) { ?> +check_view_access('Timeline')) { ?>
-check_view_access('Settings') || $user->isAdmin()) { ?> +check_view_access('Settings')) { ?>
-check_view_access('ExtensionMgr') || $user->isAdmin()) { ?> +check_view_access('ExtensionMgr')) { ?>
-check_view_access('Info') || $user->isAdmin()) { ?> +check_view_access('Info')) { ?>
From bc6f641eb3d8fe13bc379fa7bf170bfe293f733f Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Apr 2016 08:22:19 +0200 Subject: [PATCH 5/9] add more access checks for action 'info' and 'form' --- views/bootstrap/class.AttributeMgr.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/views/bootstrap/class.AttributeMgr.php b/views/bootstrap/class.AttributeMgr.php index cd4a3b011..ac0a7fdbc 100644 --- a/views/bootstrap/class.AttributeMgr.php +++ b/views/bootstrap/class.AttributeMgr.php @@ -306,12 +306,16 @@ $(document).ready( function() { ?>
-
getID()."\"" : "") ?>>
+check_view_access($this, array('action'=>'info'))) { ?> +
getID()."\"" : "") ?>>
+
+check_view_access($this, array('action'=>'form'))) { ?>
getID()."\"" : "") ?>>
+
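Review bot: The new `$accessop->check_view_access($this, array('action'=>'info'))` and `'form'` conditions in AttributeMgr's show() depend on `$accessop` being assigned earlier in the method, but unlike the GroupMgr patch in this series (which adds `$accessop = $this->params['accessobject'];`) nothing here or in the RoleMgr patch (hunk `@@ -205,14 +205,19 @@`) introduces it; if show() does not already assign it, the check becomes a method call on null rather than a denial. Please confirm the assignment exists above the hunk, since show() starts outside it. When the check does evaluate to false the behaviour is fail-closed, as the tab markup is simply not emitted.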
From 088a146888f56b131dfab7ac4182a0fa4d92d6d4 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Apr 2016 08:22:50 +0200 Subject: [PATCH 6/9] add more access checks, fixed html --- views/bootstrap/class.GroupMgr.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/views/bootstrap/class.GroupMgr.php b/views/bootstrap/class.GroupMgr.php index 2438f17e7..7b1838e0e 100644 --- a/views/bootstrap/class.GroupMgr.php +++ b/views/bootstrap/class.GroupMgr.php @@ -257,6 +257,7 @@ $(document).ready( function() { function show() { /* {{{ */ $dms = $this->params['dms']; $user = $this->params['user']; + $accessop = $this->params['accessobject']; $selgroup = $this->params['selgroup']; $allUsers = $this->params['allusers']; $allGroups = $this->params['allgroups']; @@ -284,18 +285,22 @@ $(document).ready( function() { ?> -
getID()."\"" : "") ?>>
+check_view_access($this, array('action'=>'info'))) { ?> +
getID()."\"" : "") ?>>
+
-
-
getID()."\"" : "") ?>>
-
+
+check_view_access($this, array('action'=>'form'))) { ?> +
getID()."\"" : "") ?>>
+ +
+ contentContainerEnd(); $this->contentEnd(); $this->htmlEndPage(); } /* }}} */ From 7e3535ad1ac0d343b183861fd4640d36800c4426 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Apr 2016 08:23:15 +0200 Subject: [PATCH 7/9] add more access checks for actions 'info' and 'form' --- views/bootstrap/class.RoleMgr.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/views/bootstrap/class.RoleMgr.php b/views/bootstrap/class.RoleMgr.php index 08beeb2e1..d19c6b8a1 100644 --- a/views/bootstrap/class.RoleMgr.php +++ b/views/bootstrap/class.RoleMgr.php @@ -205,14 +205,19 @@ $(document).ready( function() { ?> -
getID()."\"" : "") ?>>
+check_view_access($this, array('action'=>'info'))) { ?> +
getID()."\"" : "") ?>>
+
+check_view_access($this, array('action'=>'form'))) { ?>
getID()."\"" : "") ?>>
+
+ contentEnd(); From 0d3ff8a2d4a32d42c76c1d8a15a3be66b01e471b Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Apr 2016 08:23:37 +0200 Subject: [PATCH 8/9] add access check for action 'form', no need to check for admin --- views/bootstrap/class.UsrMgr.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/views/bootstrap/class.UsrMgr.php b/views/bootstrap/class.UsrMgr.php index e241b0a37..337d6841f 100644 --- a/views/bootstrap/class.UsrMgr.php +++ b/views/bootstrap/class.UsrMgr.php @@ -520,14 +520,16 @@ $(document).ready( function() { ?> -check_view_access($this, array('action'=>'info')) || $user->isAdmin()) { ?> -
getID()."\"" : "") ?>>
+check_view_access($this, array('action'=>'info'))) { ?> +
getID()."\"" : "") ?>>
+check_view_access($this, array('action'=>'form'))) { ?>
getID()."\"" : "") ?>>
+
From decbdb1dae3df4a3e469bc5d4b4672bfbb7d3d59 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Apr 2016 08:30:19 +0200 Subject: [PATCH 9/9] minor html formating --- views/bootstrap/class.AttributeMgr.php | 2 +- views/bootstrap/class.GroupMgr.php | 10 +++++----- views/bootstrap/class.UsrMgr.php | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/views/bootstrap/class.AttributeMgr.php b/views/bootstrap/class.AttributeMgr.php index cd4a3b011..32c180438 100644 --- a/views/bootstrap/class.AttributeMgr.php +++ b/views/bootstrap/class.AttributeMgr.php @@ -306,7 +306,7 @@ $(document).ready( function() { ?> -
getID()."\"" : "") ?>>
+
getID()."\"" : "") ?>>
diff --git a/views/bootstrap/class.GroupMgr.php b/views/bootstrap/class.GroupMgr.php index f04581e39..e210a2cdf 100644 --- a/views/bootstrap/class.GroupMgr.php +++ b/views/bootstrap/class.GroupMgr.php @@ -284,18 +284,18 @@ $(document).ready( function() { ?>
-
getID()."\"" : "") ?>>
+
getID()."\"" : "") ?>>
-
-
getID()."\"" : "") ?>>
-
+
+
getID()."\"" : "") ?>>
+
+ contentContainerEnd(); $this->contentEnd(); $this->htmlEndPage(); } /* }}} */ diff --git a/views/bootstrap/class.UsrMgr.php b/views/bootstrap/class.UsrMgr.php index 4e31f08ef..55a16eaf9 100644 --- a/views/bootstrap/class.UsrMgr.php +++ b/views/bootstrap/class.UsrMgr.php @@ -481,7 +481,7 @@ $(document).ready( function() { ?> -
getID()."\"" : "") ?>>
+
getID()."\"" : "") ?>>