What happened?

Description

There is a bug with the 'impersonate as' feature for non-admin users. It seems that the YAML files in users/groups/ are sometimes ignored. I will send the database dump and composer.json file by email.

While debugging, I checked for missing permissions at this location: https://github.dev/craftcms/cms/blob/43bd41904ddf2902006a96e68e324af3b520ac9b/src/services/Users.php#L1555-L1559.

I then discovered that the permission check fails because of a reference to a section UUID that no longer exists. This old section ID was present in the database but hadn't been updated correctly. I suspect the permission values in the database are only updated when a user group is explicitly saved, which might be the source of this bug.

Steps to reproduce

1. Set up Craft CMS using the provided database and composer.json.
2. Follow the additional instructions sent via email.

Expected behavior

A user with the necessary permissions should be able to successfully impersonate a user from another group, as the system should correctly evaluate permissions based on the current project config (YAML files).

Actual behavior

The user is unable to impersonate the target user if not all user groups are saved manually.

Craft CMS version

5.7.7

PHP version

8.3

Operating system and version

macOs 15.4.1 (24E263)

Database type and version

mysql 8.0.40

Image driver and version

No response

Installed plugins and versions