From 69e56b0b5b237aaaabfc25f88fc8265c7549f243 Mon Sep 17 00:00:00 2001
From: Luke Towers <github@luketowers.ca>
Date: Thu, 28 Dec 2017 13:21:00 -0600
Subject: [PATCH] Fixes #3315

Fixes #3315 by moving the manipulation of the filter widget scopes to the controller event method instead of before any part of the controller constructor method is run.
---
 modules/backend/controllers/Users.php | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/modules/backend/controllers/Users.php b/modules/backend/controllers/Users.php
index 2da15ea2d..6aba91696 100644
--- a/modules/backend/controllers/Users.php
+++ b/modules/backend/controllers/Users.php
@@ -49,14 +49,6 @@ class Users extends Controller
      */
     public function __construct()
     {
-        $this->user = BackendAuth::getUser();
-        if (!$this->user->isSuperUser()) {
-            // Prevent non-superusers from even seeing the is_superuser filter
-            $this->listConfig = $this->makeConfig($this->listConfig);
-            $this->listConfig->filter = $this->makeConfig($this->listConfig->filter);
-            unset($this->listConfig->filter->scopes['is_superuser']);
-        }
-
         parent::__construct();
 
         if ($this->action == 'myaccount') {
@@ -76,6 +68,16 @@ class Users extends Controller
             $query->where('is_superuser', false);
         }
     }
+    
+    /**
+     * Prevents non-superusers from even seeing the is_superuser filter
+     */
+    public function listFilterExtendScopes($filterWidget)
+    {
+        if (!$this->user->isSuperUser()) {
+            $filterWidget->removeScope('is_superuser');
+        }
+    }
 
     /**
      * Extends the form query to prevent non-superusers from accessing superusers at all