Make sure all sites with no access are selected in UsersManager.getSitesForUser when current user is admin. (#13323)

2 files changed, 17 insertions, 1 deletions

diff --git a/plugins/UsersManager/Sql/SiteAccessFilter.php b/plugins/UsersManager/Sql/SiteAccessFilter.php
index ac8da88164..1a34ca9368 100644
--- a/plugins/UsersManager/Sql/SiteAccessFilter.php
+++ b/plugins/UsersManager/Sql/SiteAccessFilter.php
@@ -77,7 +77,7 @@ class SiteAccessFilter
         }
 
         if (!empty($this->idSites)) {
-            $result[] = 'a.idsite IN (' . implode(',', $this->idSites) . ')';
+            $result[] = 's.idsite IN (' . implode(',', $this->idSites) . ')';
         }
 
         if (!empty($result)) {
diff --git a/plugins/UsersManager/tests/Integration/APITest.php b/plugins/UsersManager/tests/Integration/APITest.php
index 3f19c2970a..7da1339cef 100644
--- a/plugins/UsersManager/tests/Integration/APITest.php
+++ b/plugins/UsersManager/tests/Integration/APITest.php
@@ -587,6 +587,22 @@ class APITest extends IntegrationTestCase
         $this->assertEquals($expected, $access);
     }
 
+    public function test_getSitesAccessForUser_shouldLimitSitesIfUserIsAdmin_AndStillSelectNoAccessSitesCorrectly()
+    {
+        $this->addUserWithAccess('userLogin2', 'view', [1], 'userlogin2@email.com');
+
+        $this->api->setUserAccess('userLogin', 'admin', [1, 2, 3]);
+
+        $this->setCurrentUser('userLogin', 'admin', [1, 2, 3]);
+
+        $access = $this->api->getSitesAccessForUser('userLogin2', null, null, null, 'noaccess');
+        $expected = [
+            ['idsite' => '2', 'site_name' => 'Piwik test', 'role' => 'noaccess', 'capabilities' => []],
+            ['idsite' => '3', 'site_name' => 'Piwik test', 'role' => 'noaccess', 'capabilities' => []],
+        ];
+        $this->assertEquals($expected, $access);
+    }
+
     public function test_getSitesAccessForUser_shouldSelectSitesCorrectlyIfAtLeastViewRequested()
     {
         $this->addUserWithAccess('userLogin2', 'view', [1], 'userlogin2@email.com');