From 248bc7156d1cecc556f205c0c9af6d3b08454449 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 17:27:40 +0200
Subject: [PATCH 01/19] Add the option to define the query selector for the
 header that should be reloaded.

---
 .../shared_standaloneInteractionButton.tpl        |  4 +++-
 .../Component/Interaction/StandaloneButton.ts     | 14 +++++++++++---
 .../Component/Interaction/StandaloneButton.js     | 15 ++++++++++-----
 ...aloneInteractionContextMenuComponent.class.php |  4 ++++
 4 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/com.woltlab.wcf/templates/shared_standaloneInteractionButton.tpl b/com.woltlab.wcf/templates/shared_standaloneInteractionButton.tpl
index f673f25166..b7affbd2f1 100644
--- a/com.woltlab.wcf/templates/shared_standaloneInteractionButton.tpl
+++ b/com.woltlab.wcf/templates/shared_standaloneInteractionButton.tpl
@@ -22,7 +22,9 @@
 			'{unsafe:$providerClassName|encodeJS}',
 			'{unsafe:$objectID|encodeJS}',
 			'{unsafe:$redirectUrl|encodeJS}',
-			'{unsafe:$reloadHeaderEndpoint|encodeJS}'
+			'{unsafe:$reloadHeaderEndpoint|encodeJS}',
+			'{unsafe:$headerCssClassName|encodeJS}',
+			{if $reloadContextMenu}true{else}false{/if}
 		);
 	});
 </script>
diff --git a/ts/WoltLabSuite/Core/Component/Interaction/StandaloneButton.ts b/ts/WoltLabSuite/Core/Component/Interaction/StandaloneButton.ts
index 5b2a4aa4a0..206683396e 100644
--- a/ts/WoltLabSuite/Core/Component/Interaction/StandaloneButton.ts
+++ b/ts/WoltLabSuite/Core/Component/Interaction/StandaloneButton.ts
@@ -10,6 +10,7 @@
 import { getObject } from "WoltLabSuite/Core/Api/GetObject";
 import { getContextMenuOptions } from "WoltLabSuite/Core/Api/Interactions/GetContextMenuOptions";
 import UiDropdownSimple from "WoltLabSuite/Core/Ui/Dropdown/Simple";
+import { insertHtml } from "WoltLabSuite/Core/Dom/Util";
 
 interface HeaderContent {
   template: string;
@@ -23,6 +24,8 @@ export class StandaloneButton {
   #objectId: string | number;
   #redirectUrl: string;
   #reloadHeaderEndpoint: string;
+  #headerCssClassName: string;
+  #reloadContextMenu: boolean;
 
   constructor(
     container: HTMLElement,
@@ -30,12 +33,16 @@ export class StandaloneButton {
     objectId: string | number,
     redirectUrl: string,
     reloadHeaderEndpoint: string,
+    headerCssClassName: string,
+    reloadContextMenu: boolean,
   ) {
     this.#container = container;
     this.#providerClassName = providerClassName;
     this.#objectId = objectId;
     this.#redirectUrl = redirectUrl;
     this.#reloadHeaderEndpoint = reloadHeaderEndpoint;
+    this.#headerCssClassName = headerCssClassName;
+    this.#reloadContextMenu = reloadContextMenu;
 
     this.#initInteractions();
     this.#initEventListeners();
@@ -55,11 +62,11 @@ export class StandaloneButton {
   }
 
   async #refreshHeader(): Promise<void> {
-    if (!this.#reloadHeaderEndpoint) {
+    if (!this.#reloadContextMenu || !this.#reloadHeaderEndpoint || !this.#headerCssClassName) {
       return;
     }
 
-    const header = document.querySelector(".contentHeaderTitle");
+    const header = document.querySelector(`${this.#headerCssClassName}`);
     if (!header) {
       return;
     }
@@ -69,7 +76,8 @@ export class StandaloneButton {
       return;
     }
 
-    header.outerHTML = result.value.template;
+    insertHtml(result.value.template, header, "before");
+    header.remove();
   }
 
   #getDropdownMenu(): HTMLElement | undefined {
diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/Interaction/StandaloneButton.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/Interaction/StandaloneButton.js
index ae76832889..5478be4b68 100644
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/Interaction/StandaloneButton.js
+++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/Interaction/StandaloneButton.js
@@ -6,7 +6,7 @@
  * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
  * @since 6.2
  */
-define(["require", "exports", "tslib", "WoltLabSuite/Core/Api/GetObject", "WoltLabSuite/Core/Api/Interactions/GetContextMenuOptions", "WoltLabSuite/Core/Ui/Dropdown/Simple"], function (require, exports, tslib_1, GetObject_1, GetContextMenuOptions_1, Simple_1) {
+define(["require", "exports", "tslib", "WoltLabSuite/Core/Api/GetObject", "WoltLabSuite/Core/Api/Interactions/GetContextMenuOptions", "WoltLabSuite/Core/Ui/Dropdown/Simple", "WoltLabSuite/Core/Dom/Util"], function (require, exports, tslib_1, GetObject_1, GetContextMenuOptions_1, Simple_1, Util_1) {
     "use strict";
     Object.defineProperty(exports, "__esModule", { value: true });
     exports.StandaloneButton = void 0;
@@ -17,12 +17,16 @@ define(["require", "exports", "tslib", "WoltLabSuite/Core/Api/GetObject", "WoltL
         #objectId;
         #redirectUrl;
         #reloadHeaderEndpoint;
-        constructor(container, providerClassName, objectId, redirectUrl, reloadHeaderEndpoint) {
+        #headerCssClassName;
+        #reloadContextMenu;
+        constructor(container, providerClassName, objectId, redirectUrl, reloadHeaderEndpoint, headerCssClassName, reloadContextMenu) {
             this.#container = container;
             this.#providerClassName = providerClassName;
             this.#objectId = objectId;
             this.#redirectUrl = redirectUrl;
             this.#reloadHeaderEndpoint = reloadHeaderEndpoint;
+            this.#headerCssClassName = headerCssClassName;
+            this.#reloadContextMenu = reloadContextMenu;
             this.#initInteractions();
             this.#initEventListeners();
         }
@@ -36,10 +40,10 @@ define(["require", "exports", "tslib", "WoltLabSuite/Core/Api/GetObject", "WoltL
             this.#initInteractions();
         }
         async #refreshHeader() {
-            if (!this.#reloadHeaderEndpoint) {
+            if (!this.#reloadContextMenu || !this.#reloadHeaderEndpoint || !this.#headerCssClassName) {
                 return;
             }
-            const header = document.querySelector(".contentHeaderTitle");
+            const header = document.querySelector(`${this.#headerCssClassName}`);
             if (!header) {
                 return;
             }
@@ -47,7 +51,8 @@ define(["require", "exports", "tslib", "WoltLabSuite/Core/Api/GetObject", "WoltL
             if (!result.ok) {
                 return;
             }
-            header.outerHTML = result.value.template;
+            (0, Util_1.insertHtml)(result.value.template, header, "before");
+            header.remove();
         }
         #getDropdownMenu() {
             const button = this.#container.querySelector(".dropdownToggle");
diff --git a/wcfsetup/install/files/lib/system/interaction/StandaloneInteractionContextMenuComponent.class.php b/wcfsetup/install/files/lib/system/interaction/StandaloneInteractionContextMenuComponent.class.php
index c60147ccb8..c3263b1731 100644
--- a/wcfsetup/install/files/lib/system/interaction/StandaloneInteractionContextMenuComponent.class.php
+++ b/wcfsetup/install/files/lib/system/interaction/StandaloneInteractionContextMenuComponent.class.php
@@ -25,6 +25,8 @@ public function __construct(
         protected readonly string $redirectUrl,
         protected readonly string $reloadHeaderEndpoint = '',
         protected ?InteractionContextMenuComponentConfiguration $configuration = null,
+        protected readonly string $headerCssClassName = '.contentHeaderTitle',
+        protected readonly bool $reloadContextMenu = true,
     ) {
         parent::__construct($provider, $configuration);
 
@@ -49,6 +51,8 @@ public function render(): string
                 'objectID' => $this->object->getObjectID(),
                 'redirectUrl' => $this->redirectUrl,
                 'reloadHeaderEndpoint' => $this->reloadHeaderEndpoint,
+                'headerCssClassName' => $this->headerCssClassName,
+                'reloadContextMenu' => $this->reloadContextMenu,
                 'configuration' => $this->configuration,
             ],
         );

From 78ac201087065006f609932e0af2037aad8b0acf Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 17:28:10 +0200
Subject: [PATCH 02/19] Use `$view->user` instead of `$user`

---
 .../templates/userProfileHeader.tpl            | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/com.woltlab.wcf/templates/userProfileHeader.tpl b/com.woltlab.wcf/templates/userProfileHeader.tpl
index a37f894b00..dbbe025249 100644
--- a/com.woltlab.wcf/templates/userProfileHeader.tpl
+++ b/com.woltlab.wcf/templates/userProfileHeader.tpl
@@ -30,7 +30,7 @@
 			{if $view->canEditCoverPhoto()}
 				<ul class="userProfileManageCoverPhoto buttonGroup buttonList smallButtons">
 					<li>
-						<button type="button" data-edit-cover-photo="{link controller="UserCoverPhoto" id=$user->userID}{/link}" data-default-cover-photo="{$__wcf->styleHandler->getStyle()->getCoverPhotoUrl()}" class="button small">
+						<button type="button" data-edit-cover-photo="{link controller="UserCoverPhoto" id=$view->user->userID}{/link}" data-default-cover-photo="{$__wcf->styleHandler->getStyle()->getCoverPhotoUrl()}" class="button small">
 							{icon name='camera'}
 							<span>{lang}wcf.user.coverPhoto.edit{/lang}</span>
 						</button>
@@ -68,7 +68,7 @@
 			<h1 class="userProfileHeader__username">
 				<span class="userProfileUsername">{$view->user->username}</span>
 				{if $view->user->banned}
-					<span class="jsTooltip jsUserBanned" title="{lang}wcf.user.banned{/lang}">
+					<span class="jsTooltip jsUserBanned" title="{lang user=$view->user}wcf.user.banned{/lang}">
 						{icon name='lock'}
 					</span>
 				{/if}
@@ -108,13 +108,13 @@
 		<div class="userProfileHeader__buttons">
 			{event name='beforeButtons'}
 
-			{if $__wcf->user->userID && $user->userID != $__wcf->user->userID}
-				{if !$__wcf->getUserProfileHandler()->isIgnoredByUser($user->userID)}
-					{if $__wcf->getUserProfileHandler()->isFollowing($user->userID)}
+			{if $__wcf->user->userID && $view->user->userID != $__wcf->user->userID}
+				{if !$__wcf->getUserProfileHandler()->isIgnoredByUser($view->user->userID)}
+					{if $__wcf->getUserProfileHandler()->isFollowing($view->user->userID)}
 						<button
 							type="button"
 							data-following="1"
-							data-follow-user="{link controller='UserFollow' id=$user->userID}{/link}"
+							data-follow-user="{link controller='UserFollow' id=$view->user->userID}{/link}"
 							class="userProfileHeader__button button small jsTooltip"
 							title="{lang}wcf.user.button.unfollow{/lang}"
 						>{icon name='minus' type='solid'}</button>
@@ -122,7 +122,7 @@
 						<button
 							type="button"
 							data-following="0"
-							data-follow-user="{link controller='UserFollow' id=$user->userID}{/link}"
+							data-follow-user="{link controller='UserFollow' id=$view->user->userID}{/link}"
 							class="userProfileHeader__button button small jsTooltip"
 							title="{lang}wcf.user.button.follow{/lang}"
 						>{icon name='plus' type='solid'}</button>
@@ -164,9 +164,9 @@
 				{if $view->user->canViewOnlineStatus() && $view->user->getLastActivityTime()}
 					<dt>{icon name='clock'} {lang}wcf.user.usersOnline.lastActivity{/lang}</dt>
 					<dd>{time time=$view->user->getLastActivityTime()}</dd>
-					{if $user->getCurrentLocation()}
+					{if $view->user->getCurrentLocation()}
 						<dt>{icon name='location-arrow'} {lang}wcf.user.usersOnline.location{/lang}</dt>
-						<dd>{unsafe:$user->getCurrentLocation()}</dd>
+						<dd>{unsafe:$view->user->getCurrentLocation()}</dd>
 					{/if}
 				{/if}
 				{if $__wcf->session->getPermission('admin.user.canViewIpAddress') && $view->user->registrationIpAddress}

From 26f53bb95ba65a1b7de39f9f83df4094549f905b Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 17:29:24 +0200
Subject: [PATCH 03/19] Adding functions for ban/unban users via RPC endpoints

---
 .../files/lib/action/UserBanAction.class.php  | 127 ++++++++++++++++++
 .../files/lib/bootstrap/com.woltlab.wcf.php   |   2 +
 .../core/users/GetUserProfileHeader.class.php |  52 +++++++
 .../controller/core/users/UnbanUser.class.php |  55 ++++++++
 .../user/UserManagementInteractions.class.php |  89 ++++++------
 .../lib/system/user/command/Ban.class.php     |  34 +++++
 .../lib/system/user/command/Unban.class.php   |  31 +++++
 .../profile/UserProfileHeaderView.class.php   |   6 +-
 8 files changed, 354 insertions(+), 42 deletions(-)
 create mode 100644 wcfsetup/install/files/lib/action/UserBanAction.class.php
 create mode 100644 wcfsetup/install/files/lib/system/endpoint/controller/core/users/GetUserProfileHeader.class.php
 create mode 100644 wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/Ban.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/Unban.class.php

diff --git a/wcfsetup/install/files/lib/action/UserBanAction.class.php b/wcfsetup/install/files/lib/action/UserBanAction.class.php
new file mode 100644
index 0000000000..8a6ab89efd
--- /dev/null
+++ b/wcfsetup/install/files/lib/action/UserBanAction.class.php
@@ -0,0 +1,127 @@
+<?php
+
+namespace wcf\action;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\UserProfile;
+use wcf\http\Helper;
+use wcf\system\cache\runtime\UserProfileRuntimeCache;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\form\builder\field\BooleanFormField;
+use wcf\system\form\builder\field\DateFormField;
+use wcf\system\form\builder\field\dependency\EmptyFormFieldDependency;
+use wcf\system\form\builder\field\MultilineTextFormField;
+use wcf\system\form\builder\Psr15DialogForm;
+use wcf\system\user\command\Ban;
+use wcf\system\WCF;
+
+/**
+ * Handles ban a user.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserBanAction implements RequestHandlerInterface
+{
+    #[\Override]
+    public function handle(ServerRequestInterface $request): ResponseInterface
+    {
+        $parameters = Helper::mapQueryParameters(
+            $request->getQueryParams(),
+            <<<'EOT'
+                array {
+                    id: positive-int
+                }
+                EOT
+        );
+
+        $user = UserProfileRuntimeCache::getInstance()->getObject($parameters['id']);
+        $this->assertUserCanBeBanned($user);
+
+        $form = $this->getForm();
+
+        if ($request->getMethod() === 'GET') {
+            return $form->toResponse();
+        } elseif ($request->getMethod() === 'POST') {
+            $response = $form->validateRequest($request);
+            if ($response !== null) {
+                return $response;
+            }
+
+            $data = $form->getData()['data'];
+            $reason = $data['reason'];
+            if ($data['neverExpires']) {
+                $expires = null;
+            } else {
+                $expires = $data['expires'];
+            }
+
+            (new Ban($user->getDecoratedObject(), $reason, $expires))();
+
+            return new JsonResponse([]);
+        } else {
+            throw new \LogicException('Unreachable');
+        }
+    }
+
+    private function assertUserCanBeBanned(?UserProfile $userProfile): void
+    {
+        if (!$userProfile) {
+            throw new IllegalLinkException();
+        }
+
+        if ($userProfile->userID === WCF::getUser()->userID) {
+            throw new IllegalLinkException();
+        }
+
+        if (!WCF::getSession()->getPermission('admin.user.canBanUser')) {
+            throw new PermissionDeniedException();
+        }
+
+        if (!UserGroup::isAccessibleGroup($userProfile->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+
+        if ($userProfile->banned !== 0) {
+            throw new IllegalLinkException();
+        }
+    }
+
+    private function getForm(): Psr15DialogForm
+    {
+        $form = new Psr15DialogForm(
+            static::class,
+            WCF::getLanguage()->getDynamicVariable('wcf.user.ban.confirmMessage')
+        );
+        $form->appendChildren([
+            MultilineTextFormField::create('reason')
+                ->rows(3)
+                ->label('wcf.global.reason')
+                ->description('wcf.user.ban.reason.description'),
+            BooleanFormField::create('neverExpires')
+                ->label('wcf.user.ban.neverExpires')
+                ->value(true),
+            DateFormField::create('expires')
+                ->label('wcf.user.ban.expires')
+                ->description('wcf.user.ban.expires.description')
+                ->earliestDate(TIME_NOW)
+                ->required()
+                ->addDependency(
+                    EmptyFormFieldDependency::create('neverExpires')
+                        ->fieldId('neverExpires')
+                ),
+        ]);
+
+        $form->markRequiredFields(false);
+        $form->build();
+
+        return $form;
+    }
+}
diff --git a/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php b/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
index 3e860c3274..8e4585d58f 100644
--- a/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
+++ b/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
@@ -174,6 +174,8 @@ static function (\wcf\event\endpoint\ControllerCollecting $event) {
             $event->register(new \wcf\system\endpoint\controller\core\users\options\EnableOption());
             $event->register(new \wcf\system\endpoint\controller\core\users\ranks\DeleteUserRank());
             $event->register(new \wcf\system\endpoint\controller\core\users\trophies\DeleteUserTrophy());
+            $event->register(new \wcf\system\endpoint\controller\core\users\GetUserProfileHeader());
+            $event->register(new \wcf\system\endpoint\controller\core\users\UnbanUser());
             $event->register(new \wcf\system\endpoint\controller\core\interactions\GetBulkContextMenuOptions());
             $event->register(new \wcf\system\endpoint\controller\core\interactions\GetContextMenuOptions());
             $event->register(new \wcf\system\endpoint\controller\core\articles\DeleteArticle());
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/GetUserProfileHeader.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/GetUserProfileHeader.class.php
new file mode 100644
index 0000000000..977a695e11
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/GetUserProfileHeader.class.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace wcf\system\endpoint\controller\core\users;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use wcf\data\user\UserProfile;
+use wcf\system\cache\runtime\UserProfileRuntimeCache;
+use wcf\system\endpoint\GetRequest;
+use wcf\system\endpoint\IController;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\exception\UserInputException;
+use wcf\system\view\user\profile\UserProfileHeaderView;
+use wcf\system\WCF;
+
+/**
+ * API endpoint for getting the header template for a user profile.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+#[GetRequest('/core/users/{id:\d+}/profile-header')]
+final class GetUserProfileHeader implements IController
+{
+    #[\Override]
+    public function __invoke(ServerRequestInterface $request, array $variables): ResponseInterface
+    {
+        $userProfile = UserProfileRuntimeCache::getInstance()->getObject((int)$variables['id']);
+
+        $this->assertUserProfileCanBeViewed($userProfile);
+
+        $view = new UserProfileHeaderView($userProfile);
+
+        return new JsonResponse([
+            'template' => $view->__toString(),
+        ]);
+    }
+
+    private function assertUserProfileCanBeViewed(?UserProfile $userProfile): void
+    {
+        if ($userProfile === null) {
+            throw new UserInputException('id');
+        }
+
+        if ($userProfile->userID !== WCF::getUser()->userID && !WCF::getSession()->getPermission('user.profile.canViewUserProfile')) {
+            throw new PermissionDeniedException();
+        }
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
new file mode 100644
index 0000000000..a47fe70634
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace wcf\system\endpoint\controller\core\users;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\User;
+use wcf\http\Helper;
+use wcf\system\endpoint\IController;
+use wcf\system\endpoint\PostRequest;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\user\command\Unban;
+use wcf\system\WCF;
+
+/**
+ * API endpoint for unbanning a user.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+#[PostRequest('/core/users/{id:\d+}/unban')]
+final class UnbanUser implements IController
+{
+    #[\Override]
+    public function __invoke(ServerRequestInterface $request, array $variables): ResponseInterface
+    {
+        $user = Helper::fetchObjectFromRequestParameter($variables['id'], User::class);
+
+        $this->assertUserCanUnbanned($user);
+
+        if ($user->banned) {
+            (new Unban($user))();
+        }
+
+        return new JsonResponse([]);
+    }
+
+    private function assertUserCanUnbanned(User $user): void
+    {
+        if (WCF::getUser()->userID === $user->userID) {
+            throw new IllegalLinkException();
+        }
+        if (!WCF::getSession()->getPermission('admin.user.canBanUser')) {
+            throw new PermissionDeniedException();
+        }
+        if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
index dcdc71bbee..c003145c41 100644
--- a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
+++ b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
@@ -3,6 +3,7 @@
 namespace wcf\system\interaction\user;
 
 use wcf\acp\form\UserEditForm;
+use wcf\action\UserBanAction;
 use wcf\data\DatabaseObject;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\UserProfile;
@@ -10,6 +11,8 @@
 use wcf\system\event\EventHandler;
 use wcf\system\interaction\AbstractInteraction;
 use wcf\system\interaction\AbstractInteractionProvider;
+use wcf\system\interaction\FormBuilderDialogInteraction;
+use wcf\system\interaction\RpcInteraction;
 use wcf\system\request\LinkHandler;
 use wcf\system\WCF;
 use wcf\util\StringUtil;
@@ -27,34 +30,52 @@ final class UserManagementInteractions extends AbstractInteractionProvider
 {
     public function __construct()
     {
-        if (WCF::getSession()->getPermission('admin.user.canBanUser')) {
-            $this->addInteraction(
-                new class(
-                    'ban',
-                    static fn(UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID
-                ) extends AbstractInteraction {
-                    #[\Override]
-                    public function render(DatabaseObject $object): string
-                    {
-                        \assert($object instanceof UserProfile);
-                        $title = WCF::getLanguage()->get($object->banned ? 'wcf.user.unban' : 'wcf.user.ban');
+        $this->addInteraction(
+            new FormBuilderDialogInteraction(
+                "ban",
+                LinkHandler::getInstance()->getControllerLink(UserBanAction::class, [
+                    'id' => '%s',
+                ]),
+                'wcf.user.ban',
+                static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
+                    }
+                    if (!WCF::getSession()->getPermission('admin.user.canBanUser')) {
+                        return false;
+                    }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
 
-                        return <<<HTML
-                            <button
-                                type="button"
-                                class="jsButtonUserBan"
-                            >{$title}</button>
-                            HTML;
+                    return $user->banned === 0;
+                },
+            )
+        );
+        $this->addInteraction(
+            new RpcInteraction(
+                "unban",
+                'core/users/%s/unban',
+                'wcf.user.unban',
+                isAvailableCallback: static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
                     }
-                }
-            );
-        }
+                    if (!WCF::getSession()->getPermission('admin.user.canBanUser')) {
+                        return false;
+                    }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
+
+                    return $user->banned === 1;
+                },
+            )
+        );
+
         if (WCF::getSession()->getPermission('admin.user.canDisableAvatar')) {
             $this->addInteraction(
-                new class(
-                    'disable-avatar',
-                    static fn(UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID
-                ) extends AbstractInteraction {
+                new class('disable-avatar', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
                     #[\Override]
                     public function render(DatabaseObject $object): string
                     {
@@ -73,10 +94,7 @@ class="jsButtonUserDisableAvatar"
         }
         if (WCF::getSession()->getPermission('admin.user.canDisableSignature')) {
             $this->addInteraction(
-                new class(
-                    'disable-signature',
-                    static fn(UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID
-                ) extends AbstractInteraction {
+                new class('disable-signature', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
                     #[\Override]
                     public function render(DatabaseObject $object): string
                     {
@@ -95,10 +113,7 @@ class="jsButtonUserDisableSignature"
         }
         if (WCF::getSession()->getPermission('admin.user.canDisableCoverPhoto')) {
             $this->addInteraction(
-                new class(
-                    'disable-cover-photo',
-                    static fn(UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID
-                ) extends AbstractInteraction {
+                new class('disable-cover-photo', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
                     #[\Override]
                     public function render(DatabaseObject $object): string
                     {
@@ -117,10 +132,7 @@ class="jsButtonUserDisableCoverPhoto"
         }
         if (WCF::getSession()->getPermission('admin.user.canEnableUser')) {
             $this->addInteraction(
-                new class(
-                    'enable',
-                    static fn(UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID
-                ) extends AbstractInteraction {
+                new class('enable', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
                     #[\Override]
                     public function render(DatabaseObject $object): string
                     {
@@ -139,10 +151,7 @@ class="jsButtonUserEnable"
         }
         if (WCF::getSession()->getPermission('admin.general.canUseAcp') && WCF::getSession()->getPermission('admin.user.canEditUser')) {
             $this->addInteraction(
-                new class(
-                    'edit',
-                    static fn(UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID
-                ) extends AbstractInteraction {
+                new class('edit', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
                     #[\Override]
                     public function render(DatabaseObject $object): string
                     {
diff --git a/wcfsetup/install/files/lib/system/user/command/Ban.class.php b/wcfsetup/install/files/lib/system/user/command/Ban.class.php
new file mode 100644
index 0000000000..53596bad07
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/Ban.class.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+
+/**
+ * Ban a user.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class Ban
+{
+    public function __construct(
+        private readonly User $user,
+        private readonly string $reason,
+        private readonly ?int $banExpires = null,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        $editor = new UserEditor($this->user);
+        $editor->update([
+            'banned' => 1,
+            'banReason' => $this->reason,
+            'banExpires' => $this->banExpires ?? 0,
+        ]);
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/user/command/Unban.class.php b/wcfsetup/install/files/lib/system/user/command/Unban.class.php
new file mode 100644
index 0000000000..c3c0963e3c
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/Unban.class.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+
+/**
+ * Unban a user.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class Unban
+{
+    public function __construct(
+        private readonly User $user,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        $editor = new UserEditor($this->user);
+        $editor->update([
+            'banned' => 0,
+            'banExpires' => 0,
+        ]);
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/view/user/profile/UserProfileHeaderView.class.php b/wcfsetup/install/files/lib/system/view/user/profile/UserProfileHeaderView.class.php
index 2aa4497c6b..a2c7668ace 100644
--- a/wcfsetup/install/files/lib/system/view/user/profile/UserProfileHeaderView.class.php
+++ b/wcfsetup/install/files/lib/system/view/user/profile/UserProfileHeaderView.class.php
@@ -146,13 +146,15 @@ private function initManagementContextMenu(): void
             new UserManagementInteractions(),
             $this->user,
             LinkHandler::getInstance()->getControllerLink(MembersListPage::class),
+            reloadHeaderEndpoint: "core/users/{$this->user->userID}/profile-header",
             configuration: new InteractionContextMenuComponentConfiguration(
                 cssClassName: 'userProfileHeader__button',
                 buttonCssClassName: 'button small',
                 dropdownMenuCssClassName: 'userProfileHeader__managementOptions',
+                tooltip: 'wcf.user.profile.management',
                 icon: FontAwesomeIcon::fromValues('gear'),
-                tooltip: 'wcf.user.profile.management'
-            )
+            ),
+            headerCssClassName: '.userProfileHeader'
         );
 
         if (!$this->isInAccessibleGroup() || $this->user->userID == WCF::getUser()->userID) {

From e5921d18c28fe8555f4a9afa3817ba03bff45eb9 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 17:42:03 +0200
Subject: [PATCH 04/19] Adding functions for enable/disable users avtar via RPC
 endpoints

---
 .../action/UserDisableAvatarAction.class.php  | 126 ++++++++++++++++++
 .../files/lib/bootstrap/com.woltlab.wcf.php   |   1 +
 .../core/users/EnableUserAvatar.class.php     |  55 ++++++++
 .../user/UserManagementInteractions.class.php |  64 ++++++---
 .../user/command/DisableAvatar.class.php      |  34 +++++
 .../user/command/EnableAvatar.class.php       |  31 +++++
 6 files changed, 291 insertions(+), 20 deletions(-)
 create mode 100644 wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
 create mode 100644 wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php

diff --git a/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php b/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
new file mode 100644
index 0000000000..7923008ed9
--- /dev/null
+++ b/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
@@ -0,0 +1,126 @@
+<?php
+
+namespace wcf\action;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\UserProfile;
+use wcf\http\Helper;
+use wcf\system\cache\runtime\UserProfileRuntimeCache;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\form\builder\field\BooleanFormField;
+use wcf\system\form\builder\field\DateFormField;
+use wcf\system\form\builder\field\dependency\EmptyFormFieldDependency;
+use wcf\system\form\builder\field\MultilineTextFormField;
+use wcf\system\form\builder\Psr15DialogForm;
+use wcf\system\user\command\DisableAvatar;
+use wcf\system\WCF;
+
+/**
+ * Handles disabling of user avatars.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserDisableAvatarAction implements RequestHandlerInterface
+{
+    #[\Override]
+    public function handle(ServerRequestInterface $request): ResponseInterface
+    {
+        $parameters = Helper::mapQueryParameters(
+            $request->getQueryParams(),
+            <<<'EOT'
+                array {
+                    id: positive-int
+                }
+                EOT
+        );
+
+        $user = UserProfileRuntimeCache::getInstance()->getObject($parameters['id']);
+        $this->assertAvatarCanBeDisabled($user);
+
+        $form = $this->getForm();
+
+        if ($request->getMethod() === 'GET') {
+            return $form->toResponse();
+        } elseif ($request->getMethod() === 'POST') {
+            $response = $form->validateRequest($request);
+            if ($response !== null) {
+                return $response;
+            }
+
+            $data = $form->getData()['data'];
+            $reason = $data['reason'];
+            if ($data['neverExpires']) {
+                $expires = null;
+            } else {
+                $expires = $data['expires'];
+            }
+
+            (new DisableAvatar($user->getDecoratedObject(), $reason, $expires))();
+
+            return new JsonResponse([]);
+        } else {
+            throw new \LogicException('Unreachable');
+        }
+    }
+
+    private function assertAvatarCanBeDisabled(?UserProfile $userProfile): void
+    {
+        if (!$userProfile) {
+            throw new IllegalLinkException();
+        }
+
+        if ($userProfile->userID === WCF::getUser()->userID) {
+            throw new IllegalLinkException();
+        }
+
+        if (!WCF::getSession()->getPermission('admin.user.canDisableAvatar')) {
+            throw new PermissionDeniedException();
+        }
+
+        if (!UserGroup::isAccessibleGroup($userProfile->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+
+        if ($userProfile->disableAvatar !== 0) {
+            throw new IllegalLinkException();
+        }
+    }
+
+    private function getForm(): Psr15DialogForm
+    {
+        $form = new Psr15DialogForm(
+            static::class,
+            WCF::getLanguage()->getDynamicVariable('wcf.user.disableAvatar.confirmMessage')
+        );
+        $form->appendChildren([
+            MultilineTextFormField::create('reason')
+                ->rows(3)
+                ->label('wcf.global.reason'),
+            BooleanFormField::create('neverExpires')
+                ->label('wcf.user.disableAvatar.neverExpires')
+                ->value(true),
+            DateFormField::create('expires')
+                ->label('wcf.user.disableAvatar.expires')
+                ->description('wcf.user.disableAvatar.expires.description')
+                ->earliestDate(TIME_NOW)
+                ->required()
+                ->addDependency(
+                    EmptyFormFieldDependency::create('neverExpires')
+                        ->fieldId('neverExpires')
+                ),
+        ]);
+
+        $form->markRequiredFields(false);
+        $form->build();
+
+        return $form;
+    }
+}
diff --git a/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php b/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
index 8e4585d58f..1733a19ed5 100644
--- a/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
+++ b/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
@@ -176,6 +176,7 @@ static function (\wcf\event\endpoint\ControllerCollecting $event) {
             $event->register(new \wcf\system\endpoint\controller\core\users\trophies\DeleteUserTrophy());
             $event->register(new \wcf\system\endpoint\controller\core\users\GetUserProfileHeader());
             $event->register(new \wcf\system\endpoint\controller\core\users\UnbanUser());
+            $event->register(new \wcf\system\endpoint\controller\core\users\EnableUserAvatar());
             $event->register(new \wcf\system\endpoint\controller\core\interactions\GetBulkContextMenuOptions());
             $event->register(new \wcf\system\endpoint\controller\core\interactions\GetContextMenuOptions());
             $event->register(new \wcf\system\endpoint\controller\core\articles\DeleteArticle());
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
new file mode 100644
index 0000000000..4f10c296b0
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace wcf\system\endpoint\controller\core\users;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\User;
+use wcf\http\Helper;
+use wcf\system\endpoint\IController;
+use wcf\system\endpoint\PostRequest;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\user\command\EnableAvatar;
+use wcf\system\WCF;
+
+/**
+ * API endpoint for enabling a user's avatar.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+#[PostRequest('/core/users/{id:\d+}/enable-avatar')]
+final class EnableUserAvatar implements IController
+{
+    #[\Override]
+    public function __invoke(ServerRequestInterface $request, array $variables): ResponseInterface
+    {
+        $user = Helper::fetchObjectFromRequestParameter($variables['id'], User::class);
+
+        $this->assertAvatarCanBeEnabled($user);
+
+        if ($user->disableAvatar) {
+            (new EnableAvatar($user))();
+        }
+
+        return new JsonResponse([]);
+    }
+
+    private function assertAvatarCanBeEnabled(User $user): void
+    {
+        if (WCF::getUser()->userID === $user->userID) {
+            throw new IllegalLinkException();
+        }
+        if (!WCF::getSession()->getPermission('admin.user.canDisableAvatar')) {
+            throw new PermissionDeniedException();
+        }
+        if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
index c003145c41..dbe12344df 100644
--- a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
+++ b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
@@ -4,6 +4,7 @@
 
 use wcf\acp\form\UserEditForm;
 use wcf\action\UserBanAction;
+use wcf\action\UserDisableAvatarAction;
 use wcf\data\DatabaseObject;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\UserProfile;
@@ -32,7 +33,7 @@ public function __construct()
     {
         $this->addInteraction(
             new FormBuilderDialogInteraction(
-                "ban",
+                'ban',
                 LinkHandler::getInstance()->getControllerLink(UserBanAction::class, [
                     'id' => '%s',
                 ]),
@@ -54,7 +55,7 @@ static function (UserProfile $user): bool {
         );
         $this->addInteraction(
             new RpcInteraction(
-                "unban",
+                'unban',
                 'core/users/%s/unban',
                 'wcf.user.unban',
                 isAvailableCallback: static function (UserProfile $user): bool {
@@ -72,26 +73,49 @@ static function (UserProfile $user): bool {
                 },
             )
         );
+        $this->addInteraction(
+            new FormBuilderDialogInteraction(
+                'disable-avatar',
+                LinkHandler::getInstance()->getControllerLink(UserDisableAvatarAction::class, [
+                    'id' => '%s',
+                ]),
+                'wcf.user.disableAvatar',
+                static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
+                    }
+                    if (!WCF::getSession()->getPermission('admin.user.canDisableAvatar')) {
+                        return false;
+                    }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
 
-        if (WCF::getSession()->getPermission('admin.user.canDisableAvatar')) {
-            $this->addInteraction(
-                new class('disable-avatar', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
-                    #[\Override]
-                    public function render(DatabaseObject $object): string
-                    {
-                        \assert($object instanceof UserProfile);
-                        $title = WCF::getLanguage()->get($object->disableAvatar ? 'wcf.user.enableAvatar' : 'wcf.user.disableAvatar');
-
-                        return <<<HTML
-                            <button
-                                type="button"
-                                class="jsButtonUserDisableAvatar"
-                            >{$title}</button>
-                            HTML;
+                    return $user->disableAvatar === 0;
+                },
+            )
+        );
+        $this->addInteraction(
+            new RpcInteraction(
+                'enable-avatar',
+                'core/users/%s/enable-avatar',
+                'wcf.user.enableAvatar',
+                isAvailableCallback: static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
                     }
-                }
-            );
-        }
+                    if (!WCF::getSession()->getPermission('admin.user.canDisableAvatar')) {
+                        return false;
+                    }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
+
+                    return $user->disableAvatar === 1;
+                },
+            )
+        );
+
         if (WCF::getSession()->getPermission('admin.user.canDisableSignature')) {
             $this->addInteraction(
                 new class('disable-signature', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php b/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
new file mode 100644
index 0000000000..34dc18b102
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+
+/**
+ * Disable a user's avatar.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class DisableAvatar
+{
+    public function __construct(
+        private readonly User $user,
+        private readonly string $reason,
+        private readonly ?int $banExpires = null,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        $editor = new UserEditor($this->user);
+        $editor->update([
+            'disableAvatar' => 1,
+            'disableAvatarReason' => $this->reason,
+            'disableAvatarExpires' => $this->banExpires ?? 0,
+        ]);
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php b/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php
new file mode 100644
index 0000000000..5a207f7fb8
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+
+/**
+ * Enable a user's avatar.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class EnableAvatar
+{
+    public function __construct(
+        private readonly User $user,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        $editor = new UserEditor($this->user);
+        $editor->update([
+            'disableAvatar' => 0,
+            'disableAvatarExpires' => 0,
+        ]);
+    }
+}

From 48092ea0a8f1cd9004e0986e02bc328d1d8a47b0 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 17:47:14 +0200
Subject: [PATCH 05/19] Adding functions for enable/disable users signature via
 RPC endpoints

---
 .../UserDisableSignatureAction.class.php      | 126 ++++++++++++++++++
 .../files/lib/bootstrap/com.woltlab.wcf.php   |   1 +
 .../core/users/EnableUserSignature.class.php  |  55 ++++++++
 .../user/UserManagementInteractions.class.php |  60 ++++++---
 .../user/command/DisableSignature.class.php   |  34 +++++
 .../user/command/EnableSignature.class.php    |  31 +++++
 6 files changed, 289 insertions(+), 18 deletions(-)
 create mode 100644 wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
 create mode 100644 wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php

diff --git a/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php b/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
new file mode 100644
index 0000000000..8ad1805006
--- /dev/null
+++ b/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
@@ -0,0 +1,126 @@
+<?php
+
+namespace wcf\action;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\UserProfile;
+use wcf\http\Helper;
+use wcf\system\cache\runtime\UserProfileRuntimeCache;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\form\builder\field\BooleanFormField;
+use wcf\system\form\builder\field\DateFormField;
+use wcf\system\form\builder\field\dependency\EmptyFormFieldDependency;
+use wcf\system\form\builder\field\MultilineTextFormField;
+use wcf\system\form\builder\Psr15DialogForm;
+use wcf\system\user\command\DisableSignature;
+use wcf\system\WCF;
+
+/**
+ * Handles disabling of user signatures.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserDisableSignatureAction implements RequestHandlerInterface
+{
+    #[\Override]
+    public function handle(ServerRequestInterface $request): ResponseInterface
+    {
+        $parameters = Helper::mapQueryParameters(
+            $request->getQueryParams(),
+            <<<'EOT'
+                array {
+                    id: positive-int
+                }
+                EOT
+        );
+
+        $user = UserProfileRuntimeCache::getInstance()->getObject($parameters['id']);
+        $this->assertSignatureCanBeDisabled($user);
+
+        $form = $this->getForm();
+
+        if ($request->getMethod() === 'GET') {
+            return $form->toResponse();
+        } elseif ($request->getMethod() === 'POST') {
+            $response = $form->validateRequest($request);
+            if ($response !== null) {
+                return $response;
+            }
+
+            $data = $form->getData()['data'];
+            $reason = $data['reason'];
+            if ($data['neverExpires']) {
+                $expires = null;
+            } else {
+                $expires = $data['expires'];
+            }
+
+            (new DisableSignature($user->getDecoratedObject(), $reason, $expires))();
+
+            return new JsonResponse([]);
+        } else {
+            throw new \LogicException('Unreachable');
+        }
+    }
+
+    private function assertSignatureCanBeDisabled(?UserProfile $userProfile): void
+    {
+        if (!$userProfile) {
+            throw new IllegalLinkException();
+        }
+
+        if ($userProfile->userID === WCF::getUser()->userID) {
+            throw new IllegalLinkException();
+        }
+
+        if (!WCF::getSession()->getPermission('admin.user.canDisableSignature')) {
+            throw new PermissionDeniedException();
+        }
+
+        if (!UserGroup::isAccessibleGroup($userProfile->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+
+        if ($userProfile->disableSignature !== 0) {
+            throw new IllegalLinkException();
+        }
+    }
+
+    private function getForm(): Psr15DialogForm
+    {
+        $form = new Psr15DialogForm(
+            static::class,
+            WCF::getLanguage()->getDynamicVariable('wcf.user.disableSignature.confirmMessage')
+        );
+        $form->appendChildren([
+            MultilineTextFormField::create('reason')
+                ->rows(3)
+                ->label('wcf.global.reason'),
+            BooleanFormField::create('neverExpires')
+                ->label('wcf.user.disableSignature.neverExpires')
+                ->value(true),
+            DateFormField::create('expires')
+                ->label('wcf.user.disableSignature.expires')
+                ->description('wcf.user.disableSignature.expires.description')
+                ->earliestDate(TIME_NOW)
+                ->required()
+                ->addDependency(
+                    EmptyFormFieldDependency::create('neverExpires')
+                        ->fieldId('neverExpires')
+                ),
+        ]);
+
+        $form->markRequiredFields(false);
+        $form->build();
+
+        return $form;
+    }
+}
diff --git a/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php b/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
index 1733a19ed5..7247f3fa2e 100644
--- a/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
+++ b/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
@@ -177,6 +177,7 @@ static function (\wcf\event\endpoint\ControllerCollecting $event) {
             $event->register(new \wcf\system\endpoint\controller\core\users\GetUserProfileHeader());
             $event->register(new \wcf\system\endpoint\controller\core\users\UnbanUser());
             $event->register(new \wcf\system\endpoint\controller\core\users\EnableUserAvatar());
+            $event->register(new \wcf\system\endpoint\controller\core\users\EnableUserSignature());
             $event->register(new \wcf\system\endpoint\controller\core\interactions\GetBulkContextMenuOptions());
             $event->register(new \wcf\system\endpoint\controller\core\interactions\GetContextMenuOptions());
             $event->register(new \wcf\system\endpoint\controller\core\articles\DeleteArticle());
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
new file mode 100644
index 0000000000..912eff6f01
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace wcf\system\endpoint\controller\core\users;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\User;
+use wcf\http\Helper;
+use wcf\system\endpoint\IController;
+use wcf\system\endpoint\PostRequest;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\user\command\EnableSignature;
+use wcf\system\WCF;
+
+/**
+ * API endpoint for enabling a user's signature.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+#[PostRequest('/core/users/{id:\d+}/enable-signature')]
+final class EnableUserSignature implements IController
+{
+    #[\Override]
+    public function __invoke(ServerRequestInterface $request, array $variables): ResponseInterface
+    {
+        $user = Helper::fetchObjectFromRequestParameter($variables['id'], User::class);
+
+        $this->assertSignatureCanBeEnabled($user);
+
+        if ($user->disableSignature) {
+            (new EnableSignature($user))();
+        }
+
+        return new JsonResponse([]);
+    }
+
+    private function assertSignatureCanBeEnabled(User $user): void
+    {
+        if (WCF::getUser()->userID === $user->userID) {
+            throw new IllegalLinkException();
+        }
+        if (!WCF::getSession()->getPermission('admin.user.canDisableSignature')) {
+            throw new PermissionDeniedException();
+        }
+        if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
index dbe12344df..34b11ee380 100644
--- a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
+++ b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
@@ -5,6 +5,7 @@
 use wcf\acp\form\UserEditForm;
 use wcf\action\UserBanAction;
 use wcf\action\UserDisableAvatarAction;
+use wcf\action\UserDisableSignatureAction;
 use wcf\data\DatabaseObject;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\UserProfile;
@@ -115,26 +116,49 @@ static function (UserProfile $user): bool {
                 },
             )
         );
+        $this->addInteraction(
+            new FormBuilderDialogInteraction(
+                'disable-signature',
+                LinkHandler::getInstance()->getControllerLink(UserDisableSignatureAction::class, [
+                    'id' => '%s',
+                ]),
+                'wcf.user.disableSignature',
+                static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
+                    }
+                    if (!WCF::getSession()->getPermission('admin.user.canDisableSignature')) {
+                        return false;
+                    }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
 
-        if (WCF::getSession()->getPermission('admin.user.canDisableSignature')) {
-            $this->addInteraction(
-                new class('disable-signature', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
-                    #[\Override]
-                    public function render(DatabaseObject $object): string
-                    {
-                        \assert($object instanceof UserProfile);
-                        $title = WCF::getLanguage()->get($object->disableSignature ? 'wcf.user.enableSignature' : 'wcf.user.disableSignature');
-
-                        return <<<HTML
-                            <button
-                                type="button"
-                                class="jsButtonUserDisableSignature"
-                            >{$title}</button>
-                            HTML;
+                    return $user->disableSignature === 0;
+                },
+            )
+        );
+        $this->addInteraction(
+            new RpcInteraction(
+                'enable-signature',
+                'core/users/%s/enable-signature',
+                'wcf.user.enableSignature',
+                isAvailableCallback: static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
                     }
-                }
-            );
-        }
+                    if (!WCF::getSession()->getPermission('admin.user.canDisableSignature')) {
+                        return false;
+                    }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
+
+                    return $user->disableSignature === 1;
+                },
+            )
+        );
+
         if (WCF::getSession()->getPermission('admin.user.canDisableCoverPhoto')) {
             $this->addInteraction(
                 new class('disable-cover-photo', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php b/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
new file mode 100644
index 0000000000..60bbeeb540
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+
+/**
+ * Disable a user's signature.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class DisableSignature
+{
+    public function __construct(
+        private readonly User $user,
+        private readonly string $reason,
+        private readonly ?int $banExpires = null,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        $editor = new UserEditor($this->user);
+        $editor->update([
+            'disableSignature' => 1,
+            'disableSignatureReason' => $this->reason,
+            'disableSignatureExpires' => $this->banExpires ?? 0,
+        ]);
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php b/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php
new file mode 100644
index 0000000000..7f9b3d7753
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+
+/**
+ * Enable a user's signature.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class EnableSignature
+{
+    public function __construct(
+        private readonly User $user,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        $editor = new UserEditor($this->user);
+        $editor->update([
+            'disableSignature' => 0,
+            'disableSignatureExpires' => 0,
+        ]);
+    }
+}

From bfb3eb4f98fe0dd8c001565ca1918c287babcc79 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 17:53:18 +0200
Subject: [PATCH 06/19] Adding functions for enable/disable users cover photo
 via RPC endpoints

---
 .../UserDisableCoverPhotoAction.class.php     | 126 ++++++++++++++++++
 .../files/lib/bootstrap/com.woltlab.wcf.php   |   1 +
 .../core/users/EnableUserCoverPhoto.class.php |  55 ++++++++
 .../user/UserManagementInteractions.class.php |  61 ++++++---
 .../user/command/DisableCoverPhoto.class.php  |  34 +++++
 .../user/command/EnableCoverPhoto.class.php   |  31 +++++
 6 files changed, 291 insertions(+), 17 deletions(-)
 create mode 100644 wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
 create mode 100644 wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php

diff --git a/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php b/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
new file mode 100644
index 0000000000..71981574fb
--- /dev/null
+++ b/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
@@ -0,0 +1,126 @@
+<?php
+
+namespace wcf\action;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\UserProfile;
+use wcf\http\Helper;
+use wcf\system\cache\runtime\UserProfileRuntimeCache;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\form\builder\field\BooleanFormField;
+use wcf\system\form\builder\field\DateFormField;
+use wcf\system\form\builder\field\dependency\EmptyFormFieldDependency;
+use wcf\system\form\builder\field\MultilineTextFormField;
+use wcf\system\form\builder\Psr15DialogForm;
+use wcf\system\user\command\DisableCoverPhoto;
+use wcf\system\WCF;
+
+/**
+ * Handles disabling user cover photos.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserDisableCoverPhotoAction implements RequestHandlerInterface
+{
+    #[\Override]
+    public function handle(ServerRequestInterface $request): ResponseInterface
+    {
+        $parameters = Helper::mapQueryParameters(
+            $request->getQueryParams(),
+            <<<'EOT'
+                array {
+                    id: positive-int
+                }
+                EOT
+        );
+
+        $user = UserProfileRuntimeCache::getInstance()->getObject($parameters['id']);
+        $this->assertCoverPhotoCanBeDisabled($user);
+
+        $form = $this->getForm();
+
+        if ($request->getMethod() === 'GET') {
+            return $form->toResponse();
+        } elseif ($request->getMethod() === 'POST') {
+            $response = $form->validateRequest($request);
+            if ($response !== null) {
+                return $response;
+            }
+
+            $data = $form->getData()['data'];
+            $reason = $data['reason'];
+            if ($data['neverExpires']) {
+                $expires = null;
+            } else {
+                $expires = $data['expires'];
+            }
+
+            (new DisableCoverPhoto($user->getDecoratedObject(), $reason, $expires))();
+
+            return new JsonResponse([]);
+        } else {
+            throw new \LogicException('Unreachable');
+        }
+    }
+
+    private function assertCoverPhotoCanBeDisabled(?UserProfile $userProfile): void
+    {
+        if (!$userProfile) {
+            throw new IllegalLinkException();
+        }
+
+        if ($userProfile->userID === WCF::getUser()->userID) {
+            throw new IllegalLinkException();
+        }
+
+        if (!WCF::getSession()->getPermission('admin.user.canDisableCoverPhoto')) {
+            throw new PermissionDeniedException();
+        }
+
+        if (!UserGroup::isAccessibleGroup($userProfile->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+
+        if ($userProfile->disableCoverPhoto !== 0) {
+            throw new IllegalLinkException();
+        }
+    }
+
+    private function getForm(): Psr15DialogForm
+    {
+        $form = new Psr15DialogForm(
+            static::class,
+            WCF::getLanguage()->getDynamicVariable('wcf.user.disableCoverPhoto.confirmMessage')
+        );
+        $form->appendChildren([
+            MultilineTextFormField::create('reason')
+                ->rows(3)
+                ->label('wcf.global.reason'),
+            BooleanFormField::create('neverExpires')
+                ->label('wcf.user.disableCoverPhoto.neverExpires')
+                ->value(true),
+            DateFormField::create('expires')
+                ->label('wcf.user.disableCoverPhoto.expires')
+                ->description('wcf.user.disableCoverPhoto.expires.description')
+                ->earliestDate(TIME_NOW)
+                ->required()
+                ->addDependency(
+                    EmptyFormFieldDependency::create('neverExpires')
+                        ->fieldId('neverExpires')
+                ),
+        ]);
+
+        $form->markRequiredFields(false);
+        $form->build();
+
+        return $form;
+    }
+}
diff --git a/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php b/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
index 7247f3fa2e..e7bb2a1da3 100644
--- a/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
+++ b/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
@@ -178,6 +178,7 @@ static function (\wcf\event\endpoint\ControllerCollecting $event) {
             $event->register(new \wcf\system\endpoint\controller\core\users\UnbanUser());
             $event->register(new \wcf\system\endpoint\controller\core\users\EnableUserAvatar());
             $event->register(new \wcf\system\endpoint\controller\core\users\EnableUserSignature());
+            $event->register(new \wcf\system\endpoint\controller\core\users\EnableUserCoverPhoto());
             $event->register(new \wcf\system\endpoint\controller\core\interactions\GetBulkContextMenuOptions());
             $event->register(new \wcf\system\endpoint\controller\core\interactions\GetContextMenuOptions());
             $event->register(new \wcf\system\endpoint\controller\core\articles\DeleteArticle());
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
new file mode 100644
index 0000000000..66682a9c32
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace wcf\system\endpoint\controller\core\users;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\User;
+use wcf\http\Helper;
+use wcf\system\endpoint\IController;
+use wcf\system\endpoint\PostRequest;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\user\command\EnableCoverPhoto;
+use wcf\system\WCF;
+
+/**
+ * API endpoint for enabling a user's cover photo.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+#[PostRequest('/core/users/{id:\d+}/enable-cover-photo')]
+final class EnableUserCoverPhoto implements IController
+{
+    #[\Override]
+    public function __invoke(ServerRequestInterface $request, array $variables): ResponseInterface
+    {
+        $user = Helper::fetchObjectFromRequestParameter($variables['id'], User::class);
+
+        $this->assertCoverPhotoCanBeEnabled($user);
+
+        if ($user->disableCoverPhoto) {
+            (new EnableCoverPhoto($user))();
+        }
+
+        return new JsonResponse([]);
+    }
+
+    private function assertCoverPhotoCanBeEnabled(User $user): void
+    {
+        if (WCF::getUser()->userID === $user->userID) {
+            throw new IllegalLinkException();
+        }
+        if (!WCF::getSession()->getPermission('admin.user.canDisableCoverPhoto')) {
+            throw new PermissionDeniedException();
+        }
+        if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
index 34b11ee380..6432dc0ce9 100644
--- a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
+++ b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
@@ -5,6 +5,7 @@
 use wcf\acp\form\UserEditForm;
 use wcf\action\UserBanAction;
 use wcf\action\UserDisableAvatarAction;
+use wcf\action\UserDisableCoverPhotoAction;
 use wcf\action\UserDisableSignatureAction;
 use wcf\data\DatabaseObject;
 use wcf\data\user\group\UserGroup;
@@ -74,6 +75,7 @@ static function (UserProfile $user): bool {
                 },
             )
         );
+        
         $this->addInteraction(
             new FormBuilderDialogInteraction(
                 'disable-avatar',
@@ -116,6 +118,7 @@ static function (UserProfile $user): bool {
                 },
             )
         );
+        
         $this->addInteraction(
             new FormBuilderDialogInteraction(
                 'disable-signature',
@@ -159,25 +162,49 @@ static function (UserProfile $user): bool {
             )
         );
 
-        if (WCF::getSession()->getPermission('admin.user.canDisableCoverPhoto')) {
-            $this->addInteraction(
-                new class('disable-cover-photo', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
-                    #[\Override]
-                    public function render(DatabaseObject $object): string
-                    {
-                        \assert($object instanceof UserProfile);
-                        $title = WCF::getLanguage()->get($object->disableCoverPhoto ? 'wcf.user.enableCoverPhoto' : 'wcf.user.disableCoverPhoto');
+        $this->addInteraction(
+            new FormBuilderDialogInteraction(
+                'disable-cover-photo',
+                LinkHandler::getInstance()->getControllerLink(UserDisableCoverPhotoAction::class, [
+                    'id' => '%s',
+                ]),
+                'wcf.user.disableCoverPhoto',
+                static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
+                    }
+                    if (!WCF::getSession()->getPermission('admin.user.canDisableCoverPhoto')) {
+                        return false;
+                    }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
 
-                        return <<<HTML
-                            <button
-                                type="button"
-                                class="jsButtonUserDisableCoverPhoto"
-                            >{$title}</button>
-                            HTML;
+                    return $user->disableCoverPhoto === 0;
+                },
+            )
+        );
+        $this->addInteraction(
+            new RpcInteraction(
+                'enable-cover-photo',
+                'core/users/%s/enable-cover-photo',
+                'wcf.user.enableCoverPhoto',
+                isAvailableCallback: static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
                     }
-                }
-            );
-        }
+                    if (!WCF::getSession()->getPermission('admin.user.canDisableCoverPhoto')) {
+                        return false;
+                    }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
+
+                    return $user->disableCoverPhoto === 1;
+                },
+            )
+        );
+
         if (WCF::getSession()->getPermission('admin.user.canEnableUser')) {
             $this->addInteraction(
                 new class('enable', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php b/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
new file mode 100644
index 0000000000..647a44d3c3
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+
+/**
+ * Disable a user's cover photo.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class DisableCoverPhoto
+{
+    public function __construct(
+        private readonly User $user,
+        private readonly string $reason,
+        private readonly ?int $banExpires = null,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        $editor = new UserEditor($this->user);
+        $editor->update([
+            'disableCoverPhoto' => 1,
+            'disableCoverPhotoReason' => $this->reason,
+            'disableCoverPhotoExpires' => $this->banExpires ?? 0,
+        ]);
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php b/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php
new file mode 100644
index 0000000000..8289fe1329
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+
+/**
+ * Enable a user's cover photo.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class EnableCoverPhoto
+{
+    public function __construct(
+        private readonly User $user,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        $editor = new UserEditor($this->user);
+        $editor->update([
+            'disableCoverPhoto' => 0,
+            'disableCoverPhotoExpires' => 0,
+        ]);
+    }
+}

From 15c69503e6037af71b295c6a517182b19befe8e0 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 18:03:21 +0200
Subject: [PATCH 07/19] Adding functions for enable/disable users via RPC
 endpoints

---
 .../files/lib/bootstrap/com.woltlab.wcf.php   |  2 +
 .../core/users/DisableUser.class.php          | 55 ++++++++++++++++++
 .../core/users/EnableUser.class.php           | 55 ++++++++++++++++++
 .../user/UserManagementInteractions.class.php | 56 +++++++++++++------
 4 files changed, 151 insertions(+), 17 deletions(-)
 create mode 100644 wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php
 create mode 100644 wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php

diff --git a/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php b/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
index e7bb2a1da3..85180ea839 100644
--- a/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
+++ b/wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php
@@ -179,6 +179,8 @@ static function (\wcf\event\endpoint\ControllerCollecting $event) {
             $event->register(new \wcf\system\endpoint\controller\core\users\EnableUserAvatar());
             $event->register(new \wcf\system\endpoint\controller\core\users\EnableUserSignature());
             $event->register(new \wcf\system\endpoint\controller\core\users\EnableUserCoverPhoto());
+            $event->register(new \wcf\system\endpoint\controller\core\users\EnableUser());
+            $event->register(new \wcf\system\endpoint\controller\core\users\DisableUser());
             $event->register(new \wcf\system\endpoint\controller\core\interactions\GetBulkContextMenuOptions());
             $event->register(new \wcf\system\endpoint\controller\core\interactions\GetContextMenuOptions());
             $event->register(new \wcf\system\endpoint\controller\core\articles\DeleteArticle());
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php
new file mode 100644
index 0000000000..01fda88514
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace wcf\system\endpoint\controller\core\users;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\User;
+use wcf\data\user\UserAction;
+use wcf\http\Helper;
+use wcf\system\endpoint\IController;
+use wcf\system\endpoint\PostRequest;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\WCF;
+
+/**
+ * API endpoint for disabling a user.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+#[PostRequest('/core/users/{id:\d+}/disable')]
+final class DisableUser implements IController
+{
+    #[\Override]
+    public function __invoke(ServerRequestInterface $request, array $variables): ResponseInterface
+    {
+        $user = Helper::fetchObjectFromRequestParameter($variables['id'], User::class);
+
+        $this->assertUserCanBeDisabled($user);
+
+        if (!$user->pendingActivation()) {
+            (new UserAction([$user], 'disable'))->executeAction();
+        }
+
+        return new JsonResponse([]);
+    }
+
+    private function assertUserCanBeDisabled(User $user): void
+    {
+        if (WCF::getUser()->userID === $user->userID) {
+            throw new IllegalLinkException();
+        }
+        if (!WCF::getSession()->getPermission('admin.user.canEnableUser')) {
+            throw new PermissionDeniedException();
+        }
+        if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php
new file mode 100644
index 0000000000..5b9ef9b014
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace wcf\system\endpoint\controller\core\users;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\User;
+use wcf\data\user\UserAction;
+use wcf\http\Helper;
+use wcf\system\endpoint\IController;
+use wcf\system\endpoint\PostRequest;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\WCF;
+
+/**
+ * API endpoint for enabling a user.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+#[PostRequest('/core/users/{id:\d+}/enable')]
+final class EnableUser implements IController
+{
+    #[\Override]
+    public function __invoke(ServerRequestInterface $request, array $variables): ResponseInterface
+    {
+        $user = Helper::fetchObjectFromRequestParameter($variables['id'], User::class);
+
+        $this->assertUserCanBeEnabled($user);
+
+        if ($user->pendingActivation()) {
+            (new UserAction([$user], 'enable'))->executeAction();
+        }
+
+        return new JsonResponse([]);
+    }
+
+    private function assertUserCanBeEnabled(User $user): void
+    {
+        if (WCF::getUser()->userID === $user->userID) {
+            throw new IllegalLinkException();
+        }
+        if (!WCF::getSession()->getPermission('admin.user.canEnableUser')) {
+            throw new PermissionDeniedException();
+        }
+        if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
index 6432dc0ce9..6cb7740c8f 100644
--- a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
+++ b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
@@ -205,25 +205,47 @@ static function (UserProfile $user): bool {
             )
         );
 
-        if (WCF::getSession()->getPermission('admin.user.canEnableUser')) {
-            $this->addInteraction(
-                new class('enable', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
-                    #[\Override]
-                    public function render(DatabaseObject $object): string
-                    {
-                        \assert($object instanceof UserProfile);
-                        $title = WCF::getLanguage()->get($object->pendingActivation() ? 'wcf.acp.user.enable' : 'wcf.acp.user.disable');
+        $this->addInteraction(
+            new RpcInteraction(
+                'disable',
+                'core/users/%s/disable',
+                'wcf.acp.user.disable',
+                isAvailableCallback: static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
+                    }
+                    if (!WCF::getSession()->getPermission('admin.user.canEnableUser')) {
+                        return false;
+                    }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
 
-                        return <<<HTML
-                            <button
-                                type="button"
-                                class="jsButtonUserEnable"
-                            >{$title}</button>
-                            HTML;
+                    return !$user->pendingActivation();
+                },
+            )
+        );
+        $this->addInteraction(
+            new RpcInteraction(
+                'enable',
+                'core/users/%s/enable',
+                'wcf.acp.user.enable',
+                isAvailableCallback: static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
                     }
-                }
-            );
-        }
+                    if (!WCF::getSession()->getPermission('admin.user.canEnableUser')) {
+                        return false;
+                    }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
+
+                    return $user->pendingActivation();
+                },
+            )
+        );
+
         if (WCF::getSession()->getPermission('admin.general.canUseAcp') && WCF::getSession()->getPermission('admin.user.canEditUser')) {
             $this->addInteraction(
                 new class('edit', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {

From 4427cb1979e72006fb09d38f248a92486d81f32f Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 18:10:39 +0200
Subject: [PATCH 08/19] Remove unused `Ui/User/Editor`

---
 com.woltlab.wcf/fileDelete.xml                |   1 +
 com.woltlab.wcf/templates/user.tpl            |  40 ---
 ts/WoltLabSuite/Core/Ui/User/Editor.ts        | 270 ------------------
 .../js/WoltLabSuite/Core/Ui/User/Editor.js    | 224 ---------------
 .../user/UserManagementInteractions.class.php |   5 +-
 5 files changed, 2 insertions(+), 538 deletions(-)
 delete mode 100644 ts/WoltLabSuite/Core/Ui/User/Editor.ts
 delete mode 100644 wcfsetup/install/files/js/WoltLabSuite/Core/Ui/User/Editor.js

diff --git a/com.woltlab.wcf/fileDelete.xml b/com.woltlab.wcf/fileDelete.xml
index b75e6e2cbe..069f85ab84 100644
--- a/com.woltlab.wcf/fileDelete.xml
+++ b/com.woltlab.wcf/fileDelete.xml
@@ -572,5 +572,6 @@
 		<file>icon/font-awesome/v6/brands/yoast.svg</file>
 		<file>icon/font-awesome/v6/brands/youtube.svg</file>
 		<file>icon/font-awesome/v6/brands/zhihu.svg</file>
+		<file>js/WoltLabSuite/Core/Ui/User/Editor.js</file>
 	</delete>
 </data>
diff --git a/com.woltlab.wcf/templates/user.tpl b/com.woltlab.wcf/templates/user.tpl
index 10684c4cd8..2d3dfbd3a7 100644
--- a/com.woltlab.wcf/templates/user.tpl
+++ b/com.woltlab.wcf/templates/user.tpl
@@ -3,46 +3,6 @@
 {capture assign='headContent'}
 	{event name='javascriptInclude'}
 	<script data-relocate="true">
-		{if $__wcf->getUser()->userID && $__wcf->getUser()->userID != $user->userID}
-			require(['Language', 'WoltLabSuite/Core/Ui/User/Editor'], function(Language, UiUserEditor) {
-				Language.addObject({
-					'wcf.acp.user.disable': '{jslang}wcf.acp.user.disable{/jslang}',
-					'wcf.acp.user.enable': '{jslang}wcf.acp.user.enable{/jslang}',
-					'wcf.user.ban': '{jslang}wcf.user.ban{/jslang}',
-					'wcf.user.banned': '{jslang}wcf.user.banned{/jslang}',
-					'wcf.user.ban.confirmMessage': '{jslang}wcf.user.ban.confirmMessage{/jslang}',
-					'wcf.user.ban.expires': '{jslang}wcf.user.ban.expires{/jslang}',
-					'wcf.user.ban.expires.description': '{jslang}wcf.user.ban.expires.description{/jslang}',
-					'wcf.user.ban.neverExpires': '{jslang}wcf.user.ban.neverExpires{/jslang}',
-					'wcf.user.ban.reason.description': '{jslang}wcf.user.ban.reason.description{/jslang}',
-					'wcf.user.disableAvatar': '{jslang}wcf.user.disableAvatar{/jslang}',
-					'wcf.user.disableAvatar.confirmMessage': '{jslang}wcf.user.disableAvatar.confirmMessage{/jslang}',
-					'wcf.user.disableAvatar.expires': '{jslang}wcf.user.disableAvatar.expires{/jslang}',
-					'wcf.user.disableAvatar.expires.description': '{jslang}wcf.user.disableAvatar.expires.description{/jslang}',
-					'wcf.user.disableAvatar.neverExpires': '{jslang}wcf.user.disableAvatar.neverExpires{/jslang}',
-					'wcf.user.disableCoverPhoto': '{jslang}wcf.user.disableCoverPhoto{/jslang}',
-					'wcf.user.disableCoverPhoto.confirmMessage': '{jslang}wcf.user.disableCoverPhoto.confirmMessage{/jslang}',
-					'wcf.user.disableCoverPhoto.expires': '{jslang}wcf.user.disableCoverPhoto.expires{/jslang}',
-					'wcf.user.disableCoverPhoto.expires.description': '{jslang}wcf.user.disableCoverPhoto.expires.description{/jslang}',
-					'wcf.user.disableCoverPhoto.neverExpires': '{jslang}wcf.user.disableCoverPhoto.neverExpires{/jslang}',
-					'wcf.user.disableSignature': '{jslang}wcf.user.disableSignature{/jslang}',
-					'wcf.user.disableSignature.confirmMessage': '{jslang}wcf.user.disableSignature.confirmMessage{/jslang}',
-					'wcf.user.disableSignature.expires': '{jslang}wcf.user.disableSignature.expires{/jslang}',
-					'wcf.user.disableSignature.expires.description': '{jslang}wcf.user.disableSignature.expires.description{/jslang}',
-					'wcf.user.disableSignature.neverExpires': '{jslang}wcf.user.disableSignature.neverExpires{/jslang}',
-					'wcf.user.edit': '{jslang}wcf.user.edit{/jslang}',
-					'wcf.user.enableAvatar': '{jslang}wcf.user.enableAvatar{/jslang}',
-					'wcf.user.enableCoverPhoto': '{jslang}wcf.user.enableCoverPhoto{/jslang}',
-					'wcf.user.enableSignature': '{jslang}wcf.user.enableSignature{/jslang}',
-					'wcf.user.unban': '{jslang}wcf.user.unban{/jslang}'
-				});
-				
-				{if $isAccessible}
-					UiUserEditor.init();
-				{/if}
-			});
-		{/if}
-
 		$(function() {
 			{if $__wcf->getUser()->userID && $__wcf->getUser()->userID != $user->userID}
 				WCF.Language.addObject({
diff --git a/ts/WoltLabSuite/Core/Ui/User/Editor.ts b/ts/WoltLabSuite/Core/Ui/User/Editor.ts
deleted file mode 100644
index ef1644cd48..0000000000
--- a/ts/WoltLabSuite/Core/Ui/User/Editor.ts
+++ /dev/null
@@ -1,270 +0,0 @@
-/**
- * Simple notification overlay.
- *
- * @author  Alexander Ebert
- * @copyright  2001-2019 WoltLab GmbH
- * @license  GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
- * @woltlabExcludeBundle all
- */
-
-import * as Ajax from "../../Ajax";
-import { AjaxCallbackObject, AjaxCallbackSetup } from "../../Ajax/Data";
-import * as Core from "../../Core";
-import { DialogCallbackObject, DialogCallbackSetup } from "../Dialog/Data";
-import DomUtil from "../../Dom/Util";
-import * as Language from "../../Language";
-import * as StringUtil from "../../StringUtil";
-import UiDialog from "../Dialog";
-import { showDefaultSuccessSnackbar } from "WoltLabSuite/Core/Component/Snackbar";
-
-class UserEditor implements AjaxCallbackObject, DialogCallbackObject {
-  private actionName = "";
-  private readonly header: HTMLElement;
-
-  constructor() {
-    this.header = document.querySelector(".userProfileHeader") as HTMLElement;
-
-    ["ban", "disableAvatar", "disableCoverPhoto", "disableSignature", "enable"].forEach((action) => {
-      const button = document.querySelector(
-        ".userProfileHeader__managementOptions .jsButtonUser" + StringUtil.ucfirst(action),
-      ) as HTMLElement;
-
-      // The button is missing if the current user lacks the permission.
-      if (button) {
-        button.dataset.action = action;
-        button.addEventListener("click", (ev) => this._click(ev));
-      }
-    });
-  }
-
-  /**
-   * Handles clicks on action buttons.
-   */
-  _click(event: MouseEvent): void {
-    event.preventDefault();
-
-    const target = event.currentTarget as HTMLElement;
-    const action = target.dataset.action || "";
-    let actionName = "";
-    switch (action) {
-      case "ban":
-        if (Core.stringToBool(this.header.dataset.banned || "")) {
-          actionName = "unban";
-        }
-        break;
-
-      case "disableAvatar":
-        if (Core.stringToBool(this.header.dataset.disableAvatar || "")) {
-          actionName = "enableAvatar";
-        }
-        break;
-
-      case "disableCoverPhoto":
-        if (Core.stringToBool(this.header.dataset.disableCoverPhoto || "")) {
-          actionName = "enableCoverPhoto";
-        }
-        break;
-
-      case "disableSignature":
-        if (Core.stringToBool(this.header.dataset.disableSignature || "")) {
-          actionName = "enableSignature";
-        }
-        break;
-
-      case "enable":
-        actionName = Core.stringToBool(this.header.dataset.isDisabled || "") ? "enable" : "disable";
-        break;
-    }
-
-    if (actionName === "") {
-      this.actionName = action;
-
-      UiDialog.open(this);
-    } else {
-      Ajax.api(this, {
-        actionName: actionName,
-      });
-    }
-  }
-
-  /**
-   * Handles form submit and input validation.
-   */
-  _submit(event: Event): void {
-    event.preventDefault();
-
-    const label = document.getElementById("wcfUiUserEditorExpiresLabel") as HTMLElement;
-
-    let expires = "";
-    let errorMessage = "";
-    const neverExpires = document.getElementById("wcfUiUserEditorNeverExpires") as HTMLInputElement;
-    if (!neverExpires.checked) {
-      const expireValue = document.getElementById("wcfUiUserEditorExpiresDatePicker") as HTMLInputElement;
-      expires = expireValue.value;
-      if (expires === "") {
-        errorMessage = Language.get("wcf.global.form.error.empty");
-      }
-    }
-
-    DomUtil.innerError(label, errorMessage);
-
-    const parameters = {};
-    parameters[this.actionName + "Expires"] = expires;
-    const reason = document.getElementById("wcfUiUserEditorReason") as HTMLTextAreaElement;
-    parameters[this.actionName + "Reason"] = reason.value.trim();
-
-    Ajax.api(this, {
-      actionName: this.actionName,
-      parameters: parameters,
-    });
-  }
-
-  _ajaxSuccess(data): void {
-    let button: HTMLElement;
-    switch (data.actionName) {
-      case "ban":
-      case "unban": {
-        this.header.dataset.banned = data.actionName === "ban" ? "true" : "false";
-        button = document.querySelector(".userProfileHeader__managementOptions .jsButtonUserBan") as HTMLElement;
-        button.textContent = Language.get("wcf.user." + (data.actionName === "ban" ? "unban" : "ban"));
-
-        const contentTitle = this.header.querySelector(".userProfileHeader__username") as HTMLElement;
-        let banIcon = contentTitle.querySelector(".jsUserBanned") as HTMLElement;
-        if (data.actionName === "ban") {
-          banIcon = document.createElement("span");
-          banIcon.innerHTML = '<fa-icon size="16" name="lock"></fa-icon>';
-          banIcon.classList.add("jsUserBanned", "jsTooltip");
-          banIcon.title = data.returnValues;
-          contentTitle.appendChild(banIcon);
-        } else if (banIcon) {
-          banIcon.remove();
-        }
-        break;
-      }
-
-      case "disableAvatar":
-      case "enableAvatar":
-        this.header.dataset.disableAvatar = data.actionName === "disableAvatar" ? "true" : "false";
-        button = document.querySelector(
-          ".userProfileHeader__managementOptions .jsButtonUserDisableAvatar",
-        ) as HTMLElement;
-        button.textContent = Language.get(
-          "wcf.user." + (data.actionName === "disableAvatar" ? "enable" : "disable") + "Avatar",
-        );
-        break;
-
-      case "disableCoverPhoto":
-      case "enableCoverPhoto":
-        this.header.dataset.disableCoverPhoto = data.actionName === "disableCoverPhoto" ? "true" : "false";
-        button = document.querySelector(
-          ".userProfileHeader__managementOptions .jsButtonUserDisableCoverPhoto",
-        ) as HTMLElement;
-        button.textContent = Language.get(
-          "wcf.user." + (data.actionName === "disableCoverPhoto" ? "enable" : "disable") + "CoverPhoto",
-        );
-        break;
-
-      case "disableSignature":
-      case "enableSignature":
-        this.header.dataset.disableSignature = data.actionName === "disableSignature" ? "true" : "false";
-        button = document.querySelector(
-          ".userProfileHeader__managementOptions .jsButtonUserDisableSignature",
-        ) as HTMLElement;
-        button.textContent = Language.get(
-          "wcf.user." + (data.actionName === "disableSignature" ? "enable" : "disable") + "Signature",
-        );
-        break;
-
-      case "enable":
-      case "disable":
-        this.header.dataset.isDisabled = data.actionName === "disable" ? "true" : "false";
-        button = document.querySelector(".userProfileHeader__managementOptions .jsButtonUserEnable") as HTMLElement;
-        button.textContent = Language.get("wcf.acp.user." + (data.actionName === "enable" ? "disable" : "enable"));
-        break;
-    }
-
-    if (["ban", "disableAvatar", "disableCoverPhoto", "disableSignature"].indexOf(data.actionName) !== -1) {
-      UiDialog.close(this);
-    }
-
-    showDefaultSuccessSnackbar();
-  }
-
-  _ajaxSetup(): ReturnType<AjaxCallbackSetup> {
-    return {
-      data: {
-        className: "wcf\\data\\user\\UserAction",
-        objectIDs: [+this.header.dataset.objectId!],
-      },
-    };
-  }
-
-  _dialogSetup(): ReturnType<DialogCallbackSetup> {
-    return {
-      id: "wcfUiUserEditor",
-      options: {
-        onSetup: (content) => {
-          const checkbox = document.getElementById("wcfUiUserEditorNeverExpires") as HTMLInputElement;
-          checkbox.addEventListener("change", () => {
-            const settings = document.getElementById("wcfUiUserEditorExpiresSettings") as HTMLElement;
-            DomUtil[checkbox.checked ? "hide" : "show"](settings);
-          });
-
-          const submitButton = content.querySelector("button.buttonPrimary") as HTMLButtonElement;
-          submitButton.addEventListener("click", this._submit.bind(this));
-        },
-        onShow: (content) => {
-          UiDialog.setTitle("wcfUiUserEditor", Language.get("wcf.user." + this.actionName + ".confirmMessage"));
-
-          const reason = document.getElementById("wcfUiUserEditorReason") as HTMLElement;
-          let label = reason.nextElementSibling as HTMLElement;
-          const phrase = "wcf.user." + this.actionName + ".reason.description";
-          label.textContent = Language.get(phrase);
-          if (label.textContent === phrase) {
-            DomUtil.hide(label);
-          } else {
-            DomUtil.show(label);
-          }
-
-          label = document.getElementById("wcfUiUserEditorNeverExpires")!.nextElementSibling as HTMLElement;
-          label.textContent = Language.get("wcf.user." + this.actionName + ".neverExpires");
-
-          label = content.querySelector('label[for="wcfUiUserEditorExpires"]') as HTMLElement;
-          label.textContent = Language.get("wcf.user." + this.actionName + ".expires");
-
-          label = document.getElementById("wcfUiUserEditorExpiresLabel") as HTMLElement;
-          label.textContent = Language.get("wcf.user." + this.actionName + ".expires.description");
-        },
-      },
-      source: `<div class="section">
-        <dl>
-          <dt><label for="wcfUiUserEditorReason">${Language.get("wcf.global.reason")}</label></dt>
-          <dd><textarea id="wcfUiUserEditorReason" cols="40" rows="3"></textarea><small></small></dd>
-        </dl>
-        <dl>
-          <dt></dt>
-          <dd><label><input type="checkbox" id="wcfUiUserEditorNeverExpires" checked> <span></span></label></dd>
-        </dl>
-        <dl id="wcfUiUserEditorExpiresSettings" style="display: none">
-          <dt><label for="wcfUiUserEditorExpires"></label></dt>
-          <dd>
-            <input type="date" name="wcfUiUserEditorExpires" id="wcfUiUserEditorExpires" class="medium" min="${new Date(
-              window.TIME_NOW * 1000,
-            ).toISOString()}" data-ignore-timezone="true">
-            <small id="wcfUiUserEditorExpiresLabel"></small>
-          </dd>
-        </dl>
-      </div>
-      <div class="formSubmit">
-        <button type="button" class="button buttonPrimary">${Language.get("wcf.global.button.submit")}</button>
-      </div>`,
-    };
-  }
-}
-
-/**
- * Initializes the user editor.
- */
-export function init(): void {
-  new UserEditor();
-}
diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/User/Editor.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/User/Editor.js
deleted file mode 100644
index f4574ce156..0000000000
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/User/Editor.js
+++ /dev/null
@@ -1,224 +0,0 @@
-/**
- * Simple notification overlay.
- *
- * @author  Alexander Ebert
- * @copyright  2001-2019 WoltLab GmbH
- * @license  GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
- * @woltlabExcludeBundle all
- */
-define(["require", "exports", "tslib", "../../Ajax", "../../Core", "../../Dom/Util", "../../Language", "../../StringUtil", "../Dialog", "WoltLabSuite/Core/Component/Snackbar"], function (require, exports, tslib_1, Ajax, Core, Util_1, Language, StringUtil, Dialog_1, Snackbar_1) {
-    "use strict";
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.init = init;
-    Ajax = tslib_1.__importStar(Ajax);
-    Core = tslib_1.__importStar(Core);
-    Util_1 = tslib_1.__importDefault(Util_1);
-    Language = tslib_1.__importStar(Language);
-    StringUtil = tslib_1.__importStar(StringUtil);
-    Dialog_1 = tslib_1.__importDefault(Dialog_1);
-    class UserEditor {
-        actionName = "";
-        header;
-        constructor() {
-            this.header = document.querySelector(".userProfileHeader");
-            ["ban", "disableAvatar", "disableCoverPhoto", "disableSignature", "enable"].forEach((action) => {
-                const button = document.querySelector(".userProfileHeader__managementOptions .jsButtonUser" + StringUtil.ucfirst(action));
-                // The button is missing if the current user lacks the permission.
-                if (button) {
-                    button.dataset.action = action;
-                    button.addEventListener("click", (ev) => this._click(ev));
-                }
-            });
-        }
-        /**
-         * Handles clicks on action buttons.
-         */
-        _click(event) {
-            event.preventDefault();
-            const target = event.currentTarget;
-            const action = target.dataset.action || "";
-            let actionName = "";
-            switch (action) {
-                case "ban":
-                    if (Core.stringToBool(this.header.dataset.banned || "")) {
-                        actionName = "unban";
-                    }
-                    break;
-                case "disableAvatar":
-                    if (Core.stringToBool(this.header.dataset.disableAvatar || "")) {
-                        actionName = "enableAvatar";
-                    }
-                    break;
-                case "disableCoverPhoto":
-                    if (Core.stringToBool(this.header.dataset.disableCoverPhoto || "")) {
-                        actionName = "enableCoverPhoto";
-                    }
-                    break;
-                case "disableSignature":
-                    if (Core.stringToBool(this.header.dataset.disableSignature || "")) {
-                        actionName = "enableSignature";
-                    }
-                    break;
-                case "enable":
-                    actionName = Core.stringToBool(this.header.dataset.isDisabled || "") ? "enable" : "disable";
-                    break;
-            }
-            if (actionName === "") {
-                this.actionName = action;
-                Dialog_1.default.open(this);
-            }
-            else {
-                Ajax.api(this, {
-                    actionName: actionName,
-                });
-            }
-        }
-        /**
-         * Handles form submit and input validation.
-         */
-        _submit(event) {
-            event.preventDefault();
-            const label = document.getElementById("wcfUiUserEditorExpiresLabel");
-            let expires = "";
-            let errorMessage = "";
-            const neverExpires = document.getElementById("wcfUiUserEditorNeverExpires");
-            if (!neverExpires.checked) {
-                const expireValue = document.getElementById("wcfUiUserEditorExpiresDatePicker");
-                expires = expireValue.value;
-                if (expires === "") {
-                    errorMessage = Language.get("wcf.global.form.error.empty");
-                }
-            }
-            Util_1.default.innerError(label, errorMessage);
-            const parameters = {};
-            parameters[this.actionName + "Expires"] = expires;
-            const reason = document.getElementById("wcfUiUserEditorReason");
-            parameters[this.actionName + "Reason"] = reason.value.trim();
-            Ajax.api(this, {
-                actionName: this.actionName,
-                parameters: parameters,
-            });
-        }
-        _ajaxSuccess(data) {
-            let button;
-            switch (data.actionName) {
-                case "ban":
-                case "unban": {
-                    this.header.dataset.banned = data.actionName === "ban" ? "true" : "false";
-                    button = document.querySelector(".userProfileHeader__managementOptions .jsButtonUserBan");
-                    button.textContent = Language.get("wcf.user." + (data.actionName === "ban" ? "unban" : "ban"));
-                    const contentTitle = this.header.querySelector(".userProfileHeader__username");
-                    let banIcon = contentTitle.querySelector(".jsUserBanned");
-                    if (data.actionName === "ban") {
-                        banIcon = document.createElement("span");
-                        banIcon.innerHTML = '<fa-icon size="16" name="lock"></fa-icon>';
-                        banIcon.classList.add("jsUserBanned", "jsTooltip");
-                        banIcon.title = data.returnValues;
-                        contentTitle.appendChild(banIcon);
-                    }
-                    else if (banIcon) {
-                        banIcon.remove();
-                    }
-                    break;
-                }
-                case "disableAvatar":
-                case "enableAvatar":
-                    this.header.dataset.disableAvatar = data.actionName === "disableAvatar" ? "true" : "false";
-                    button = document.querySelector(".userProfileHeader__managementOptions .jsButtonUserDisableAvatar");
-                    button.textContent = Language.get("wcf.user." + (data.actionName === "disableAvatar" ? "enable" : "disable") + "Avatar");
-                    break;
-                case "disableCoverPhoto":
-                case "enableCoverPhoto":
-                    this.header.dataset.disableCoverPhoto = data.actionName === "disableCoverPhoto" ? "true" : "false";
-                    button = document.querySelector(".userProfileHeader__managementOptions .jsButtonUserDisableCoverPhoto");
-                    button.textContent = Language.get("wcf.user." + (data.actionName === "disableCoverPhoto" ? "enable" : "disable") + "CoverPhoto");
-                    break;
-                case "disableSignature":
-                case "enableSignature":
-                    this.header.dataset.disableSignature = data.actionName === "disableSignature" ? "true" : "false";
-                    button = document.querySelector(".userProfileHeader__managementOptions .jsButtonUserDisableSignature");
-                    button.textContent = Language.get("wcf.user." + (data.actionName === "disableSignature" ? "enable" : "disable") + "Signature");
-                    break;
-                case "enable":
-                case "disable":
-                    this.header.dataset.isDisabled = data.actionName === "disable" ? "true" : "false";
-                    button = document.querySelector(".userProfileHeader__managementOptions .jsButtonUserEnable");
-                    button.textContent = Language.get("wcf.acp.user." + (data.actionName === "enable" ? "disable" : "enable"));
-                    break;
-            }
-            if (["ban", "disableAvatar", "disableCoverPhoto", "disableSignature"].indexOf(data.actionName) !== -1) {
-                Dialog_1.default.close(this);
-            }
-            (0, Snackbar_1.showDefaultSuccessSnackbar)();
-        }
-        _ajaxSetup() {
-            return {
-                data: {
-                    className: "wcf\\data\\user\\UserAction",
-                    objectIDs: [+this.header.dataset.objectId],
-                },
-            };
-        }
-        _dialogSetup() {
-            return {
-                id: "wcfUiUserEditor",
-                options: {
-                    onSetup: (content) => {
-                        const checkbox = document.getElementById("wcfUiUserEditorNeverExpires");
-                        checkbox.addEventListener("change", () => {
-                            const settings = document.getElementById("wcfUiUserEditorExpiresSettings");
-                            Util_1.default[checkbox.checked ? "hide" : "show"](settings);
-                        });
-                        const submitButton = content.querySelector("button.buttonPrimary");
-                        submitButton.addEventListener("click", this._submit.bind(this));
-                    },
-                    onShow: (content) => {
-                        Dialog_1.default.setTitle("wcfUiUserEditor", Language.get("wcf.user." + this.actionName + ".confirmMessage"));
-                        const reason = document.getElementById("wcfUiUserEditorReason");
-                        let label = reason.nextElementSibling;
-                        const phrase = "wcf.user." + this.actionName + ".reason.description";
-                        label.textContent = Language.get(phrase);
-                        if (label.textContent === phrase) {
-                            Util_1.default.hide(label);
-                        }
-                        else {
-                            Util_1.default.show(label);
-                        }
-                        label = document.getElementById("wcfUiUserEditorNeverExpires").nextElementSibling;
-                        label.textContent = Language.get("wcf.user." + this.actionName + ".neverExpires");
-                        label = content.querySelector('label[for="wcfUiUserEditorExpires"]');
-                        label.textContent = Language.get("wcf.user." + this.actionName + ".expires");
-                        label = document.getElementById("wcfUiUserEditorExpiresLabel");
-                        label.textContent = Language.get("wcf.user." + this.actionName + ".expires.description");
-                    },
-                },
-                source: `<div class="section">
-        <dl>
-          <dt><label for="wcfUiUserEditorReason">${Language.get("wcf.global.reason")}</label></dt>
-          <dd><textarea id="wcfUiUserEditorReason" cols="40" rows="3"></textarea><small></small></dd>
-        </dl>
-        <dl>
-          <dt></dt>
-          <dd><label><input type="checkbox" id="wcfUiUserEditorNeverExpires" checked> <span></span></label></dd>
-        </dl>
-        <dl id="wcfUiUserEditorExpiresSettings" style="display: none">
-          <dt><label for="wcfUiUserEditorExpires"></label></dt>
-          <dd>
-            <input type="date" name="wcfUiUserEditorExpires" id="wcfUiUserEditorExpires" class="medium" min="${new Date(window.TIME_NOW * 1000).toISOString()}" data-ignore-timezone="true">
-            <small id="wcfUiUserEditorExpiresLabel"></small>
-          </dd>
-        </dl>
-      </div>
-      <div class="formSubmit">
-        <button type="button" class="button buttonPrimary">${Language.get("wcf.global.button.submit")}</button>
-      </div>`,
-            };
-        }
-    }
-    /**
-     * Initializes the user editor.
-     */
-    function init() {
-        new UserEditor();
-    }
-});
diff --git a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
index 6cb7740c8f..a1859081bc 100644
--- a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
+++ b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
@@ -7,22 +7,19 @@
 use wcf\action\UserDisableAvatarAction;
 use wcf\action\UserDisableCoverPhotoAction;
 use wcf\action\UserDisableSignatureAction;
-use wcf\data\DatabaseObject;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\UserProfile;
 use wcf\event\interaction\user\UserManagementInteractionCollecting;
 use wcf\system\event\EventHandler;
-use wcf\system\interaction\AbstractInteraction;
 use wcf\system\interaction\AbstractInteractionProvider;
 use wcf\system\interaction\FormBuilderDialogInteraction;
+use wcf\system\interaction\LinkInteraction;
 use wcf\system\interaction\RpcInteraction;
 use wcf\system\request\LinkHandler;
 use wcf\system\WCF;
-use wcf\util\StringUtil;
 
 /**
  * Interaction provider for the management context menu in user profiles.
- * This interaction provider currently only works on the user profile page due to the nature of the underlying (outdated) JavaScript code.
  *
  * @author      Marcel Werk
  * @copyright   2001-2025 WoltLab GmbH

From 6051f1465b2f13fbf2ef15dcca6eb7e1b6b5bcca Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 18:11:54 +0200
Subject: [PATCH 09/19] Use `LinkInteraction` instead of an abstract
 Interaction

---
 .../user/UserManagementInteractions.class.php | 37 +++++++++++--------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
index a1859081bc..8700f12aa7 100644
--- a/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
+++ b/wcfsetup/install/files/lib/system/interaction/user/UserManagementInteractions.class.php
@@ -243,23 +243,30 @@ static function (UserProfile $user): bool {
             )
         );
 
-        if (WCF::getSession()->getPermission('admin.general.canUseAcp') && WCF::getSession()->getPermission('admin.user.canEditUser')) {
-            $this->addInteraction(
-                new class('edit', static fn (UserProfile $user) => UserGroup::isAccessibleGroup($user->getGroupIDs()) && WCF::getUser()->userID !== $user->userID) extends AbstractInteraction {
-                    #[\Override]
-                    public function render(DatabaseObject $object): string
-                    {
-                        return \sprintf(
-                            '<a href="%s">%s</a>',
-                            StringUtil::encodeHTML(
-                                LinkHandler::getInstance()->getControllerLink(UserEditForm::class, ['id' => $object->getObjectID()])
-                            ),
-                            WCF::getLanguage()->get('wcf.user.edit')
-                        );
+        $this->addInteraction(
+            new LinkInteraction(
+                'edit',
+                UserEditForm::class,
+                'wcf.user.edit',
+                static function (UserProfile $user): bool {
+                    if (WCF::getUser()->userID === $user->userID) {
+                        return false;
+                    }
+                    if (!WCF::getSession()->getPermission('admin.general.canUseAcp')) {
+                        return false;
+                    }
+                    if (!WCF::getSession()->getPermission('admin.user.canEditUser')) {
+                        return false;
                     }
+                    if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
+                        return false;
+                    }
+
+                    return true;
                 }
-            );
-        }
+            )
+        );
+
 
         EventHandler::getInstance()->fire(
             new UserManagementInteractionCollecting($this)

From 8d8e636aaa35211465b67e5c63af7a4aa6671393 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 18:17:10 +0200
Subject: [PATCH 10/19] Remove data attributes that are no longer needed

---
 .../templates/userProfileHeader.tpl           | 22 +------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/com.woltlab.wcf/templates/userProfileHeader.tpl b/com.woltlab.wcf/templates/userProfileHeader.tpl
index dbbe025249..d649ff1af0 100644
--- a/com.woltlab.wcf/templates/userProfileHeader.tpl
+++ b/com.woltlab.wcf/templates/userProfileHeader.tpl
@@ -1,24 +1,4 @@
-<header
-	class="userProfileHeader"
-	data-object-id="{$view->user->userID}"
-	{if $view->isInAccessibleGroup()}
-		{if $__wcf->session->getPermission('admin.user.canBanUser')}
-			data-banned="{$view->user->banned}"
-		{/if}
-		{if $__wcf->session->getPermission('admin.user.canDisableAvatar')}
-			data-disable-avatar="{$view->user->disableAvatar}"
-		{/if}
-		{if $__wcf->session->getPermission('admin.user.canDisableSignature')}
-			data-disable-signature="{$view->user->disableSignature}"
-		{/if}
-		{if $__wcf->session->getPermission('admin.user.canDisableCoverPhoto')}
-			data-disable-cover-photo="{$view->user->disableCoverPhoto}"
-		{/if}
-		{if $__wcf->session->getPermission('admin.user.canEnableUser')}
-			data-is-disabled="{if $view->user->activationCode}true{else}false{/if}"
-		{/if}
-	{/if}
->
+<header class="userProfileHeader" data-object-id="{$view->user->userID}">
 	<div class="userProfileHeader__coverPhotoContainer">
 		<div class="userProfileHeader__coverPhoto">
 			<img src="{$view->user->getCoverPhoto()->getURL()}" data-object-id="{$view->user->getCoverPhoto()->getObjectID()}" class="userProfileHeader__coverPhotoImage">

From b65c31aa769dbb306bc5bc305d4f95993894dbee Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 18:26:01 +0200
Subject: [PATCH 11/19] Simplify the action for enabling/disabling a user's
 avatar/signature/cover photo.

---
 .../files/lib/action/UserBanAction.class.php  | 69 +++-------------
 .../action/UserDisableAvatarAction.class.php  | 69 +++-------------
 .../UserDisableCoverPhotoAction.class.php     | 69 +++-------------
 .../UserDisableSignatureAction.class.php      | 69 +++-------------
 .../lib/action/UserManagementAction.class.php | 82 +++++++++++++++++++
 5 files changed, 134 insertions(+), 224 deletions(-)
 create mode 100644 wcfsetup/install/files/lib/action/UserManagementAction.class.php

diff --git a/wcfsetup/install/files/lib/action/UserBanAction.class.php b/wcfsetup/install/files/lib/action/UserBanAction.class.php
index 8a6ab89efd..acd9f2532f 100644
--- a/wcfsetup/install/files/lib/action/UserBanAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserBanAction.class.php
@@ -2,14 +2,7 @@
 
 namespace wcf\action;
 
-use Laminas\Diactoros\Response\JsonResponse;
-use Psr\Http\Message\ResponseInterface;
-use Psr\Http\Message\ServerRequestInterface;
-use Psr\Http\Server\RequestHandlerInterface;
-use wcf\data\user\group\UserGroup;
 use wcf\data\user\UserProfile;
-use wcf\http\Helper;
-use wcf\system\cache\runtime\UserProfileRuntimeCache;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
 use wcf\system\form\builder\field\BooleanFormField;
@@ -28,73 +21,37 @@
  * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
  * @since 6.3
  */
-final class UserBanAction implements RequestHandlerInterface
+final class UserBanAction extends UserManagementAction
 {
     #[\Override]
-    public function handle(ServerRequestInterface $request): ResponseInterface
+    protected function performAction(UserProfile $userProfile, array $data): void
     {
-        $parameters = Helper::mapQueryParameters(
-            $request->getQueryParams(),
-            <<<'EOT'
-                array {
-                    id: positive-int
-                }
-                EOT
-        );
-
-        $user = UserProfileRuntimeCache::getInstance()->getObject($parameters['id']);
-        $this->assertUserCanBeBanned($user);
-
-        $form = $this->getForm();
-
-        if ($request->getMethod() === 'GET') {
-            return $form->toResponse();
-        } elseif ($request->getMethod() === 'POST') {
-            $response = $form->validateRequest($request);
-            if ($response !== null) {
-                return $response;
-            }
-
-            $data = $form->getData()['data'];
-            $reason = $data['reason'];
-            if ($data['neverExpires']) {
-                $expires = null;
-            } else {
-                $expires = $data['expires'];
-            }
-
-            (new Ban($user->getDecoratedObject(), $reason, $expires))();
-
-            return new JsonResponse([]);
+        $reason = $data['reason'];
+        if ($data['neverExpires']) {
+            $expires = null;
         } else {
-            throw new \LogicException('Unreachable');
+            $expires = $data['expires'];
         }
+
+        (new Ban($userProfile->getDecoratedObject(), $reason, $expires))();
     }
 
-    private function assertUserCanBeBanned(?UserProfile $userProfile): void
+    #[\Override]
+    protected function assertUserCanBeManaged(?UserProfile $userProfile): void
     {
-        if (!$userProfile) {
-            throw new IllegalLinkException();
-        }
-
-        if ($userProfile->userID === WCF::getUser()->userID) {
-            throw new IllegalLinkException();
-        }
+        parent::assertUserCanBeManaged($userProfile);
 
         if (!WCF::getSession()->getPermission('admin.user.canBanUser')) {
             throw new PermissionDeniedException();
         }
 
-        if (!UserGroup::isAccessibleGroup($userProfile->getGroupIDs())) {
-            throw new PermissionDeniedException();
-        }
-
         if ($userProfile->banned !== 0) {
             throw new IllegalLinkException();
         }
     }
 
-    private function getForm(): Psr15DialogForm
+    #[\Override]
+    protected function getForm(): Psr15DialogForm
     {
         $form = new Psr15DialogForm(
             static::class,
diff --git a/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php b/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
index 7923008ed9..f170adea83 100644
--- a/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
@@ -2,14 +2,7 @@
 
 namespace wcf\action;
 
-use Laminas\Diactoros\Response\JsonResponse;
-use Psr\Http\Message\ResponseInterface;
-use Psr\Http\Message\ServerRequestInterface;
-use Psr\Http\Server\RequestHandlerInterface;
-use wcf\data\user\group\UserGroup;
 use wcf\data\user\UserProfile;
-use wcf\http\Helper;
-use wcf\system\cache\runtime\UserProfileRuntimeCache;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
 use wcf\system\form\builder\field\BooleanFormField;
@@ -28,73 +21,37 @@
  * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
  * @since 6.3
  */
-final class UserDisableAvatarAction implements RequestHandlerInterface
+final class UserDisableAvatarAction extends UserManagementAction
 {
     #[\Override]
-    public function handle(ServerRequestInterface $request): ResponseInterface
+    protected function performAction(UserProfile $userProfile, array $data): void
     {
-        $parameters = Helper::mapQueryParameters(
-            $request->getQueryParams(),
-            <<<'EOT'
-                array {
-                    id: positive-int
-                }
-                EOT
-        );
-
-        $user = UserProfileRuntimeCache::getInstance()->getObject($parameters['id']);
-        $this->assertAvatarCanBeDisabled($user);
-
-        $form = $this->getForm();
-
-        if ($request->getMethod() === 'GET') {
-            return $form->toResponse();
-        } elseif ($request->getMethod() === 'POST') {
-            $response = $form->validateRequest($request);
-            if ($response !== null) {
-                return $response;
-            }
-
-            $data = $form->getData()['data'];
-            $reason = $data['reason'];
-            if ($data['neverExpires']) {
-                $expires = null;
-            } else {
-                $expires = $data['expires'];
-            }
-
-            (new DisableAvatar($user->getDecoratedObject(), $reason, $expires))();
-
-            return new JsonResponse([]);
+        $reason = $data['reason'];
+        if ($data['neverExpires']) {
+            $expires = null;
         } else {
-            throw new \LogicException('Unreachable');
+            $expires = $data['expires'];
         }
+
+        (new DisableAvatar($userProfile->getDecoratedObject(), $reason, $expires))();
     }
 
-    private function assertAvatarCanBeDisabled(?UserProfile $userProfile): void
+    #[\Override]
+    protected function assertUserCanBeManaged(?UserProfile $userProfile): void
     {
-        if (!$userProfile) {
-            throw new IllegalLinkException();
-        }
-
-        if ($userProfile->userID === WCF::getUser()->userID) {
-            throw new IllegalLinkException();
-        }
+        parent::assertUserCanBeManaged($userProfile);
 
         if (!WCF::getSession()->getPermission('admin.user.canDisableAvatar')) {
             throw new PermissionDeniedException();
         }
 
-        if (!UserGroup::isAccessibleGroup($userProfile->getGroupIDs())) {
-            throw new PermissionDeniedException();
-        }
-
         if ($userProfile->disableAvatar !== 0) {
             throw new IllegalLinkException();
         }
     }
 
-    private function getForm(): Psr15DialogForm
+    #[\Override]
+    protected function getForm(): Psr15DialogForm
     {
         $form = new Psr15DialogForm(
             static::class,
diff --git a/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php b/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
index 71981574fb..6c81391c69 100644
--- a/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
@@ -2,14 +2,7 @@
 
 namespace wcf\action;
 
-use Laminas\Diactoros\Response\JsonResponse;
-use Psr\Http\Message\ResponseInterface;
-use Psr\Http\Message\ServerRequestInterface;
-use Psr\Http\Server\RequestHandlerInterface;
-use wcf\data\user\group\UserGroup;
 use wcf\data\user\UserProfile;
-use wcf\http\Helper;
-use wcf\system\cache\runtime\UserProfileRuntimeCache;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
 use wcf\system\form\builder\field\BooleanFormField;
@@ -28,73 +21,37 @@
  * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
  * @since 6.3
  */
-final class UserDisableCoverPhotoAction implements RequestHandlerInterface
+final class UserDisableCoverPhotoAction extends UserManagementAction
 {
     #[\Override]
-    public function handle(ServerRequestInterface $request): ResponseInterface
+    protected function performAction(UserProfile $userProfile, array $data): void
     {
-        $parameters = Helper::mapQueryParameters(
-            $request->getQueryParams(),
-            <<<'EOT'
-                array {
-                    id: positive-int
-                }
-                EOT
-        );
-
-        $user = UserProfileRuntimeCache::getInstance()->getObject($parameters['id']);
-        $this->assertCoverPhotoCanBeDisabled($user);
-
-        $form = $this->getForm();
-
-        if ($request->getMethod() === 'GET') {
-            return $form->toResponse();
-        } elseif ($request->getMethod() === 'POST') {
-            $response = $form->validateRequest($request);
-            if ($response !== null) {
-                return $response;
-            }
-
-            $data = $form->getData()['data'];
-            $reason = $data['reason'];
-            if ($data['neverExpires']) {
-                $expires = null;
-            } else {
-                $expires = $data['expires'];
-            }
-
-            (new DisableCoverPhoto($user->getDecoratedObject(), $reason, $expires))();
-
-            return new JsonResponse([]);
+        $reason = $data['reason'];
+        if ($data['neverExpires']) {
+            $expires = null;
         } else {
-            throw new \LogicException('Unreachable');
+            $expires = $data['expires'];
         }
+
+        (new DisableCoverPhoto($userProfile->getDecoratedObject(), $reason, $expires))();
     }
 
-    private function assertCoverPhotoCanBeDisabled(?UserProfile $userProfile): void
+    #[\Override]
+    protected function assertUserCanBeManaged(?UserProfile $userProfile): void
     {
-        if (!$userProfile) {
-            throw new IllegalLinkException();
-        }
-
-        if ($userProfile->userID === WCF::getUser()->userID) {
-            throw new IllegalLinkException();
-        }
+        parent::assertUserCanBeManaged($userProfile);
 
         if (!WCF::getSession()->getPermission('admin.user.canDisableCoverPhoto')) {
             throw new PermissionDeniedException();
         }
 
-        if (!UserGroup::isAccessibleGroup($userProfile->getGroupIDs())) {
-            throw new PermissionDeniedException();
-        }
-
         if ($userProfile->disableCoverPhoto !== 0) {
             throw new IllegalLinkException();
         }
     }
 
-    private function getForm(): Psr15DialogForm
+    #[\Override]
+    protected function getForm(): Psr15DialogForm
     {
         $form = new Psr15DialogForm(
             static::class,
diff --git a/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php b/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
index 8ad1805006..ce0a234c92 100644
--- a/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
@@ -2,14 +2,7 @@
 
 namespace wcf\action;
 
-use Laminas\Diactoros\Response\JsonResponse;
-use Psr\Http\Message\ResponseInterface;
-use Psr\Http\Message\ServerRequestInterface;
-use Psr\Http\Server\RequestHandlerInterface;
-use wcf\data\user\group\UserGroup;
 use wcf\data\user\UserProfile;
-use wcf\http\Helper;
-use wcf\system\cache\runtime\UserProfileRuntimeCache;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
 use wcf\system\form\builder\field\BooleanFormField;
@@ -28,73 +21,37 @@
  * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
  * @since 6.3
  */
-final class UserDisableSignatureAction implements RequestHandlerInterface
+final class UserDisableSignatureAction extends UserManagementAction
 {
     #[\Override]
-    public function handle(ServerRequestInterface $request): ResponseInterface
+    protected function performAction(UserProfile $userProfile, array $data): void
     {
-        $parameters = Helper::mapQueryParameters(
-            $request->getQueryParams(),
-            <<<'EOT'
-                array {
-                    id: positive-int
-                }
-                EOT
-        );
-
-        $user = UserProfileRuntimeCache::getInstance()->getObject($parameters['id']);
-        $this->assertSignatureCanBeDisabled($user);
-
-        $form = $this->getForm();
-
-        if ($request->getMethod() === 'GET') {
-            return $form->toResponse();
-        } elseif ($request->getMethod() === 'POST') {
-            $response = $form->validateRequest($request);
-            if ($response !== null) {
-                return $response;
-            }
-
-            $data = $form->getData()['data'];
-            $reason = $data['reason'];
-            if ($data['neverExpires']) {
-                $expires = null;
-            } else {
-                $expires = $data['expires'];
-            }
-
-            (new DisableSignature($user->getDecoratedObject(), $reason, $expires))();
-
-            return new JsonResponse([]);
+        $reason = $data['reason'];
+        if ($data['neverExpires']) {
+            $expires = null;
         } else {
-            throw new \LogicException('Unreachable');
+            $expires = $data['expires'];
         }
+
+        (new DisableSignature($userProfile->getDecoratedObject(), $reason, $expires))();
     }
 
-    private function assertSignatureCanBeDisabled(?UserProfile $userProfile): void
+    #[\Override]
+    protected function assertUserCanBeManaged(?UserProfile $userProfile): void
     {
-        if (!$userProfile) {
-            throw new IllegalLinkException();
-        }
-
-        if ($userProfile->userID === WCF::getUser()->userID) {
-            throw new IllegalLinkException();
-        }
+        parent::assertUserCanBeManaged($userProfile);
 
         if (!WCF::getSession()->getPermission('admin.user.canDisableSignature')) {
             throw new PermissionDeniedException();
         }
 
-        if (!UserGroup::isAccessibleGroup($userProfile->getGroupIDs())) {
-            throw new PermissionDeniedException();
-        }
-
         if ($userProfile->disableSignature !== 0) {
             throw new IllegalLinkException();
         }
     }
 
-    private function getForm(): Psr15DialogForm
+    #[\Override]
+    protected function getForm(): Psr15DialogForm
     {
         $form = new Psr15DialogForm(
             static::class,
diff --git a/wcfsetup/install/files/lib/action/UserManagementAction.class.php b/wcfsetup/install/files/lib/action/UserManagementAction.class.php
new file mode 100644
index 0000000000..e710a67d78
--- /dev/null
+++ b/wcfsetup/install/files/lib/action/UserManagementAction.class.php
@@ -0,0 +1,82 @@
+<?php
+
+namespace wcf\action;
+
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\UserProfile;
+use wcf\http\Helper;
+use wcf\system\cache\runtime\UserProfileRuntimeCache;
+use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\form\builder\Psr15DialogForm;
+use wcf\system\WCF;
+
+/**
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+abstract class UserManagementAction implements RequestHandlerInterface
+{
+    #[\Override]
+    public function handle(ServerRequestInterface $request): ResponseInterface
+    {
+        $parameters = Helper::mapQueryParameters(
+            $request->getQueryParams(),
+            <<<'EOT'
+                array {
+                    id: positive-int
+                }
+                EOT
+        );
+
+        $user = UserProfileRuntimeCache::getInstance()->getObject($parameters['id']);
+        $this->assertUserCanBeManaged($user);
+
+        $form = $this->getForm();
+
+        if ($request->getMethod() === 'GET') {
+            return $form->toResponse();
+        } elseif ($request->getMethod() === 'POST') {
+            $response = $form->validateRequest($request);
+            if ($response !== null) {
+                return $response;
+            }
+
+            $data = $form->getData()['data'];
+
+            $this->performAction($user, $data);
+
+            return new JsonResponse([]);
+        } else {
+            throw new \LogicException('Unreachable');
+        }
+    }
+
+    protected function assertUserCanBeManaged(?UserProfile $userProfile): void
+    {
+        if (!$userProfile) {
+            throw new IllegalLinkException();
+        }
+
+        if ($userProfile->userID === WCF::getUser()->userID) {
+            throw new IllegalLinkException();
+        }
+
+        if (!UserGroup::isAccessibleGroup($userProfile->getGroupIDs())) {
+            throw new PermissionDeniedException();
+        }
+    }
+
+    /**
+     * @param array<string, mixed> $data
+     */
+    abstract protected function performAction(UserProfile $userProfile, array $data): void;
+
+    abstract protected function getForm(): Psr15DialogForm;
+}

From 726d7c059c7547ccdc268eacf673d1a41128ad01 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Mon, 28 Jul 2025 18:52:32 +0200
Subject: [PATCH 12/19] Use `UserAction` directly so that the events continue
 to function.

---
 .../core/users/EnableUserAvatar.class.php     |  4 +--
 .../core/users/EnableUserCoverPhoto.class.php |  4 +--
 .../core/users/EnableUserSignature.class.php  |  4 +--
 .../controller/core/users/UnbanUser.class.php |  4 +--
 .../lib/system/user/command/Ban.class.php     | 16 ++++++----
 .../user/command/DisableAvatar.class.php      | 18 ++++++-----
 .../user/command/DisableCoverPhoto.class.php  | 18 ++++++-----
 .../user/command/DisableSignature.class.php   | 18 ++++++-----
 .../user/command/EnableAvatar.class.php       | 31 -------------------
 .../user/command/EnableCoverPhoto.class.php   | 31 -------------------
 .../user/command/EnableSignature.class.php    | 31 -------------------
 .../lib/system/user/command/Unban.class.php   | 31 -------------------
 12 files changed, 51 insertions(+), 159 deletions(-)
 delete mode 100644 wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php
 delete mode 100644 wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php
 delete mode 100644 wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php
 delete mode 100644 wcfsetup/install/files/lib/system/user/command/Unban.class.php

diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
index 4f10c296b0..a11da31944 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
@@ -7,12 +7,12 @@
 use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
+use wcf\data\user\UserAction;
 use wcf\http\Helper;
 use wcf\system\endpoint\IController;
 use wcf\system\endpoint\PostRequest;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
-use wcf\system\user\command\EnableAvatar;
 use wcf\system\WCF;
 
 /**
@@ -34,7 +34,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertAvatarCanBeEnabled($user);
 
         if ($user->disableAvatar) {
-            (new EnableAvatar($user))();
+            (new UserAction([$user], 'enableAvatar'))->executeAction();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
index 66682a9c32..28fe1cfa23 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
@@ -7,12 +7,12 @@
 use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
+use wcf\data\user\UserAction;
 use wcf\http\Helper;
 use wcf\system\endpoint\IController;
 use wcf\system\endpoint\PostRequest;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
-use wcf\system\user\command\EnableCoverPhoto;
 use wcf\system\WCF;
 
 /**
@@ -34,7 +34,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertCoverPhotoCanBeEnabled($user);
 
         if ($user->disableCoverPhoto) {
-            (new EnableCoverPhoto($user))();
+            (new UserAction([$user], 'enableCoverPhoto'))->executeAction();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
index 912eff6f01..f5845433a0 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
@@ -7,12 +7,12 @@
 use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
+use wcf\data\user\UserAction;
 use wcf\http\Helper;
 use wcf\system\endpoint\IController;
 use wcf\system\endpoint\PostRequest;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
-use wcf\system\user\command\EnableSignature;
 use wcf\system\WCF;
 
 /**
@@ -34,7 +34,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertSignatureCanBeEnabled($user);
 
         if ($user->disableSignature) {
-            (new EnableSignature($user))();
+            (new UserAction([$user], 'enableSignature'))->executeAction();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
index a47fe70634..2fb99f40a7 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
@@ -7,12 +7,12 @@
 use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
+use wcf\data\user\UserAction;
 use wcf\http\Helper;
 use wcf\system\endpoint\IController;
 use wcf\system\endpoint\PostRequest;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
-use wcf\system\user\command\Unban;
 use wcf\system\WCF;
 
 /**
@@ -34,7 +34,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertUserCanUnbanned($user);
 
         if ($user->banned) {
-            (new Unban($user))();
+            (new UserAction([$user], 'unban'))->executeAction();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/user/command/Ban.class.php b/wcfsetup/install/files/lib/system/user/command/Ban.class.php
index 53596bad07..51a73912b5 100644
--- a/wcfsetup/install/files/lib/system/user/command/Ban.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/Ban.class.php
@@ -3,7 +3,8 @@
 namespace wcf\system\user\command;
 
 use wcf\data\user\User;
-use wcf\data\user\UserEditor;
+use wcf\data\user\UserAction;
+use wcf\util\DateUtil;
 
 /**
  * Ban a user.
@@ -24,11 +25,14 @@ public function __construct(
 
     public function __invoke(): void
     {
-        $editor = new UserEditor($this->user);
-        $editor->update([
-            'banned' => 1,
+        $banExpires = null;
+        if ($this->banExpires !== null) {
+            $banExpires = DateUtil::getDateTimeByTimestamp($this->banExpires)->format('Y-m-d');
+        }
+
+        (new UserAction([$this->user], 'ban', [
             'banReason' => $this->reason,
-            'banExpires' => $this->banExpires ?? 0,
-        ]);
+            'banExpires' => $banExpires,
+        ]))->executeAction();
     }
 }
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php b/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
index 34dc18b102..75c169e59b 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
@@ -3,7 +3,8 @@
 namespace wcf\system\user\command;
 
 use wcf\data\user\User;
-use wcf\data\user\UserEditor;
+use wcf\data\user\UserAction;
+use wcf\util\DateUtil;
 
 /**
  * Disable a user's avatar.
@@ -18,17 +19,20 @@ final class DisableAvatar
     public function __construct(
         private readonly User $user,
         private readonly string $reason,
-        private readonly ?int $banExpires = null,
+        private readonly ?int $expires = null,
     ) {
     }
 
     public function __invoke(): void
     {
-        $editor = new UserEditor($this->user);
-        $editor->update([
-            'disableAvatar' => 1,
+        $expires = null;
+        if ($this->expires !== null) {
+            $expires = DateUtil::getDateTimeByTimestamp($this->expires)->format('Y-m-d');
+        }
+
+        (new UserAction([$this->user], 'disableAvatar', [
             'disableAvatarReason' => $this->reason,
-            'disableAvatarExpires' => $this->banExpires ?? 0,
-        ]);
+            'disableAvatarExpires' => $expires,
+        ]))->executeAction();
     }
 }
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php b/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
index 647a44d3c3..283ee4a9f8 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
@@ -3,7 +3,8 @@
 namespace wcf\system\user\command;
 
 use wcf\data\user\User;
-use wcf\data\user\UserEditor;
+use wcf\data\user\UserAction;
+use wcf\util\DateUtil;
 
 /**
  * Disable a user's cover photo.
@@ -18,17 +19,20 @@ final class DisableCoverPhoto
     public function __construct(
         private readonly User $user,
         private readonly string $reason,
-        private readonly ?int $banExpires = null,
+        private readonly ?int $expires = null,
     ) {
     }
 
     public function __invoke(): void
     {
-        $editor = new UserEditor($this->user);
-        $editor->update([
-            'disableCoverPhoto' => 1,
+        $expires = null;
+        if ($this->expires !== null) {
+            $expires = DateUtil::getDateTimeByTimestamp($this->expires)->format('Y-m-d');
+        }
+
+        (new UserAction([$this->user], 'disableCoverPhoto', [
             'disableCoverPhotoReason' => $this->reason,
-            'disableCoverPhotoExpires' => $this->banExpires ?? 0,
-        ]);
+            'disableCoverPhotoExpires' => $expires,
+        ]))->executeAction();
     }
 }
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php b/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
index 60bbeeb540..d32ec5b0f6 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
@@ -3,7 +3,8 @@
 namespace wcf\system\user\command;
 
 use wcf\data\user\User;
-use wcf\data\user\UserEditor;
+use wcf\data\user\UserAction;
+use wcf\util\DateUtil;
 
 /**
  * Disable a user's signature.
@@ -18,17 +19,20 @@ final class DisableSignature
     public function __construct(
         private readonly User $user,
         private readonly string $reason,
-        private readonly ?int $banExpires = null,
+        private readonly ?int $expires = null,
     ) {
     }
 
     public function __invoke(): void
     {
-        $editor = new UserEditor($this->user);
-        $editor->update([
-            'disableSignature' => 1,
+        $expires = null;
+        if ($this->expires !== null) {
+            $expires = DateUtil::getDateTimeByTimestamp($this->expires)->format('Y-m-d');
+        }
+
+        (new UserAction([$this->user], 'disableSignature', [
             'disableSignatureReason' => $this->reason,
-            'disableSignatureExpires' => $this->banExpires ?? 0,
-        ]);
+            'disableSignatureExpires' => $expires,
+        ]))->executeAction();
     }
 }
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php b/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php
deleted file mode 100644
index 5a207f7fb8..0000000000
--- a/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-
-namespace wcf\system\user\command;
-
-use wcf\data\user\User;
-use wcf\data\user\UserEditor;
-
-/**
- * Enable a user's avatar.
- *
- * @author Olaf Braun
- * @copyright 2001-2025 WoltLab GmbH
- * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
- * @since 6.3
- */
-final class EnableAvatar
-{
-    public function __construct(
-        private readonly User $user,
-    ) {
-    }
-
-    public function __invoke(): void
-    {
-        $editor = new UserEditor($this->user);
-        $editor->update([
-            'disableAvatar' => 0,
-            'disableAvatarExpires' => 0,
-        ]);
-    }
-}
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php b/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php
deleted file mode 100644
index 8289fe1329..0000000000
--- a/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-
-namespace wcf\system\user\command;
-
-use wcf\data\user\User;
-use wcf\data\user\UserEditor;
-
-/**
- * Enable a user's cover photo.
- *
- * @author Olaf Braun
- * @copyright 2001-2025 WoltLab GmbH
- * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
- * @since 6.3
- */
-final class EnableCoverPhoto
-{
-    public function __construct(
-        private readonly User $user,
-    ) {
-    }
-
-    public function __invoke(): void
-    {
-        $editor = new UserEditor($this->user);
-        $editor->update([
-            'disableCoverPhoto' => 0,
-            'disableCoverPhotoExpires' => 0,
-        ]);
-    }
-}
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php b/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php
deleted file mode 100644
index 7f9b3d7753..0000000000
--- a/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-
-namespace wcf\system\user\command;
-
-use wcf\data\user\User;
-use wcf\data\user\UserEditor;
-
-/**
- * Enable a user's signature.
- *
- * @author Olaf Braun
- * @copyright 2001-2025 WoltLab GmbH
- * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
- * @since 6.3
- */
-final class EnableSignature
-{
-    public function __construct(
-        private readonly User $user,
-    ) {
-    }
-
-    public function __invoke(): void
-    {
-        $editor = new UserEditor($this->user);
-        $editor->update([
-            'disableSignature' => 0,
-            'disableSignatureExpires' => 0,
-        ]);
-    }
-}
diff --git a/wcfsetup/install/files/lib/system/user/command/Unban.class.php b/wcfsetup/install/files/lib/system/user/command/Unban.class.php
deleted file mode 100644
index c3c0963e3c..0000000000
--- a/wcfsetup/install/files/lib/system/user/command/Unban.class.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-
-namespace wcf\system\user\command;
-
-use wcf\data\user\User;
-use wcf\data\user\UserEditor;
-
-/**
- * Unban a user.
- *
- * @author Olaf Braun
- * @copyright 2001-2025 WoltLab GmbH
- * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
- * @since 6.3
- */
-final class Unban
-{
-    public function __construct(
-        private readonly User $user,
-    ) {
-    }
-
-    public function __invoke(): void
-    {
-        $editor = new UserEditor($this->user);
-        $editor->update([
-            'banned' => 0,
-            'banExpires' => 0,
-        ]);
-    }
-}

From 21f2a8af4c5596d38aa2158d163e7eb30e26da94 Mon Sep 17 00:00:00 2001
From: Olaf Braun <info@braun-development.de>
Date: Tue, 29 Jul 2025 12:46:57 +0200
Subject: [PATCH 13/19] Reload context menu if `this.#reloadContextMenu` is
 `true`

---
 .../Core/Component/Interaction/StandaloneButton.ts          | 6 +++++-
 .../Core/Component/Interaction/StandaloneButton.js          | 5 ++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/ts/WoltLabSuite/Core/Component/Interaction/StandaloneButton.ts b/ts/WoltLabSuite/Core/Component/Interaction/StandaloneButton.ts
index 206683396e..ef9f83e929 100644
--- a/ts/WoltLabSuite/Core/Component/Interaction/StandaloneButton.ts
+++ b/ts/WoltLabSuite/Core/Component/Interaction/StandaloneButton.ts
@@ -49,6 +49,10 @@ export class StandaloneButton {
   }
 
   async #refreshContextMenu(): Promise<void> {
+    if (!this.#reloadContextMenu) {
+      return;
+    }
+
     const { template } = await getContextMenuOptions(this.#providerClassName, this.#objectId);
 
     const dropdown = this.#getDropdownMenu();
@@ -62,7 +66,7 @@ export class StandaloneButton {
   }
 
   async #refreshHeader(): Promise<void> {
-    if (!this.#reloadContextMenu || !this.#reloadHeaderEndpoint || !this.#headerCssClassName) {
+    if (!this.#reloadHeaderEndpoint || !this.#headerCssClassName) {
       return;
     }
 
diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/Interaction/StandaloneButton.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/Interaction/StandaloneButton.js
index 5478be4b68..0e43dfbf70 100644
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/Interaction/StandaloneButton.js
+++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/Interaction/StandaloneButton.js
@@ -31,6 +31,9 @@ define(["require", "exports", "tslib", "WoltLabSuite/Core/Api/GetObject", "WoltL
             this.#initEventListeners();
         }
         async #refreshContextMenu() {
+            if (!this.#reloadContextMenu) {
+                return;
+            }
             const { template } = await (0, GetContextMenuOptions_1.getContextMenuOptions)(this.#providerClassName, this.#objectId);
             const dropdown = this.#getDropdownMenu();
             if (!dropdown) {
@@ -40,7 +43,7 @@ define(["require", "exports", "tslib", "WoltLabSuite/Core/Api/GetObject", "WoltL
             this.#initInteractions();
         }
         async #refreshHeader() {
-            if (!this.#reloadContextMenu || !this.#reloadHeaderEndpoint || !this.#headerCssClassName) {
+            if (!this.#reloadHeaderEndpoint || !this.#headerCssClassName) {
                 return;
             }
             const header = document.querySelector(`${this.#headerCssClassName}`);

From 30b594b7d1a94c6b59d52e421ca884a0c7903915 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Tue, 29 Jul 2025 13:51:28 +0200
Subject: [PATCH 14/19] Rename `Ban` to `BanUser`

---
 wcfsetup/install/files/lib/action/UserBanAction.class.php     | 4 ++--
 .../system/user/command/{Ban.class.php => BanUser.class.php}  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename wcfsetup/install/files/lib/system/user/command/{Ban.class.php => BanUser.class.php} (97%)

diff --git a/wcfsetup/install/files/lib/action/UserBanAction.class.php b/wcfsetup/install/files/lib/action/UserBanAction.class.php
index acd9f2532f..b45fdd61c8 100644
--- a/wcfsetup/install/files/lib/action/UserBanAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserBanAction.class.php
@@ -10,7 +10,7 @@
 use wcf\system\form\builder\field\dependency\EmptyFormFieldDependency;
 use wcf\system\form\builder\field\MultilineTextFormField;
 use wcf\system\form\builder\Psr15DialogForm;
-use wcf\system\user\command\Ban;
+use wcf\system\user\command\BanUser;
 use wcf\system\WCF;
 
 /**
@@ -33,7 +33,7 @@ protected function performAction(UserProfile $userProfile, array $data): void
             $expires = $data['expires'];
         }
 
-        (new Ban($userProfile->getDecoratedObject(), $reason, $expires))();
+        (new BanUser($userProfile->getDecoratedObject(), $reason, $expires))();
     }
 
     #[\Override]
diff --git a/wcfsetup/install/files/lib/system/user/command/Ban.class.php b/wcfsetup/install/files/lib/system/user/command/BanUser.class.php
similarity index 97%
rename from wcfsetup/install/files/lib/system/user/command/Ban.class.php
rename to wcfsetup/install/files/lib/system/user/command/BanUser.class.php
index 51a73912b5..43d952cee5 100644
--- a/wcfsetup/install/files/lib/system/user/command/Ban.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/BanUser.class.php
@@ -14,7 +14,7 @@
  * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
  * @since 6.3
  */
-final class Ban
+final class BanUser
 {
     public function __construct(
         private readonly User $user,

From c899ba3cc614935b2d59f9c224bd58af248ccab2 Mon Sep 17 00:00:00 2001
From: Olaf Braun <olaf_schmitz_1@t-online.de>
Date: Tue, 29 Jul 2025 13:52:14 +0200
Subject: [PATCH 15/19] Apply suggestions from code review

Co-authored-by: Marcel Werk <burntime@woltlab.com>
---
 .../install/files/lib/system/user/command/BanUser.class.php    | 2 +-
 .../files/lib/system/user/command/DisableAvatar.class.php      | 2 +-
 .../files/lib/system/user/command/DisableCoverPhoto.class.php  | 2 +-
 .../files/lib/system/user/command/DisableSignature.class.php   | 2 +-
 .../system/view/user/profile/UserProfileHeaderView.class.php   | 3 ++-
 5 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/wcfsetup/install/files/lib/system/user/command/BanUser.class.php b/wcfsetup/install/files/lib/system/user/command/BanUser.class.php
index 43d952cee5..c97e5557e0 100644
--- a/wcfsetup/install/files/lib/system/user/command/BanUser.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/BanUser.class.php
@@ -19,7 +19,7 @@ final class BanUser
     public function __construct(
         private readonly User $user,
         private readonly string $reason,
-        private readonly ?int $banExpires = null,
+        private readonly int $banExpires = 0,
     ) {
     }
 
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php b/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
index 75c169e59b..ecb0ab42bf 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
@@ -19,7 +19,7 @@ final class DisableAvatar
     public function __construct(
         private readonly User $user,
         private readonly string $reason,
-        private readonly ?int $expires = null,
+        private readonly int $expires = 0,
     ) {
     }
 
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php b/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
index 283ee4a9f8..e73e1b8c5b 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
@@ -19,7 +19,7 @@ final class DisableCoverPhoto
     public function __construct(
         private readonly User $user,
         private readonly string $reason,
-        private readonly ?int $expires = null,
+        private readonly int $expires = 0,
     ) {
     }
 
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php b/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
index d32ec5b0f6..c169a7b7c5 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
@@ -19,7 +19,7 @@ final class DisableSignature
     public function __construct(
         private readonly User $user,
         private readonly string $reason,
-        private readonly ?int $expires = null,
+        private readonly int $expires = 0,
     ) {
     }
 
diff --git a/wcfsetup/install/files/lib/system/view/user/profile/UserProfileHeaderView.class.php b/wcfsetup/install/files/lib/system/view/user/profile/UserProfileHeaderView.class.php
index a2c7668ace..1561d87919 100644
--- a/wcfsetup/install/files/lib/system/view/user/profile/UserProfileHeaderView.class.php
+++ b/wcfsetup/install/files/lib/system/view/user/profile/UserProfileHeaderView.class.php
@@ -154,7 +154,8 @@ private function initManagementContextMenu(): void
                 tooltip: 'wcf.user.profile.management',
                 icon: FontAwesomeIcon::fromValues('gear'),
             ),
-            headerCssClassName: '.userProfileHeader'
+            headerCssClassName: '.userProfileHeader',
+            reloadContextMenu: false
         );
 
         if (!$this->isInAccessibleGroup() || $this->user->userID == WCF::getUser()->userID) {

From 04249a36165523109130819f8aa9c39ee10f0cb3 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Tue, 29 Jul 2025 13:56:36 +0200
Subject: [PATCH 16/19] Check whether the user is null directly in `handle()`
 and expect a not nullable `UserProfile` in `assertUserCanBeManaged()`

---
 .../install/files/lib/action/UserBanAction.class.php  |  2 +-
 .../lib/action/UserDisableAvatarAction.class.php      |  2 +-
 .../lib/action/UserDisableCoverPhotoAction.class.php  |  2 +-
 .../lib/action/UserDisableSignatureAction.class.php   |  2 +-
 .../files/lib/action/UserManagementAction.class.php   | 11 ++++++-----
 5 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/wcfsetup/install/files/lib/action/UserBanAction.class.php b/wcfsetup/install/files/lib/action/UserBanAction.class.php
index b45fdd61c8..5c72f17221 100644
--- a/wcfsetup/install/files/lib/action/UserBanAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserBanAction.class.php
@@ -37,7 +37,7 @@ protected function performAction(UserProfile $userProfile, array $data): void
     }
 
     #[\Override]
-    protected function assertUserCanBeManaged(?UserProfile $userProfile): void
+    protected function assertUserCanBeManaged(UserProfile $userProfile): void
     {
         parent::assertUserCanBeManaged($userProfile);
 
diff --git a/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php b/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
index f170adea83..1625c866ce 100644
--- a/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
@@ -37,7 +37,7 @@ protected function performAction(UserProfile $userProfile, array $data): void
     }
 
     #[\Override]
-    protected function assertUserCanBeManaged(?UserProfile $userProfile): void
+    protected function assertUserCanBeManaged(UserProfile $userProfile): void
     {
         parent::assertUserCanBeManaged($userProfile);
 
diff --git a/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php b/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
index 6c81391c69..5ebd55ed05 100644
--- a/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
@@ -37,7 +37,7 @@ protected function performAction(UserProfile $userProfile, array $data): void
     }
 
     #[\Override]
-    protected function assertUserCanBeManaged(?UserProfile $userProfile): void
+    protected function assertUserCanBeManaged(UserProfile $userProfile): void
     {
         parent::assertUserCanBeManaged($userProfile);
 
diff --git a/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php b/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
index ce0a234c92..b4cd72b539 100644
--- a/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
@@ -37,7 +37,7 @@ protected function performAction(UserProfile $userProfile, array $data): void
     }
 
     #[\Override]
-    protected function assertUserCanBeManaged(?UserProfile $userProfile): void
+    protected function assertUserCanBeManaged(UserProfile $userProfile): void
     {
         parent::assertUserCanBeManaged($userProfile);
 
diff --git a/wcfsetup/install/files/lib/action/UserManagementAction.class.php b/wcfsetup/install/files/lib/action/UserManagementAction.class.php
index e710a67d78..d0f47ab8e7 100644
--- a/wcfsetup/install/files/lib/action/UserManagementAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserManagementAction.class.php
@@ -36,6 +36,11 @@ public function handle(ServerRequestInterface $request): ResponseInterface
         );
 
         $user = UserProfileRuntimeCache::getInstance()->getObject($parameters['id']);
+
+        if (!$user) {
+            throw new IllegalLinkException();
+        }
+
         $this->assertUserCanBeManaged($user);
 
         $form = $this->getForm();
@@ -58,12 +63,8 @@ public function handle(ServerRequestInterface $request): ResponseInterface
         }
     }
 
-    protected function assertUserCanBeManaged(?UserProfile $userProfile): void
+    protected function assertUserCanBeManaged(UserProfile $userProfile): void
     {
-        if (!$userProfile) {
-            throw new IllegalLinkException();
-        }
-
         if ($userProfile->userID === WCF::getUser()->userID) {
             throw new IllegalLinkException();
         }

From 610308d0e7883f70f4423fa1ea4c569d562232ce Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Tue, 29 Jul 2025 14:21:44 +0200
Subject: [PATCH 17/19] Deprecated UserAction methods to ban a user and disable
 avatar, cover photos and signature. Implement events that are triggered when
 this action is performed.

---
 .../files/lib/action/UserBanAction.class.php  |  2 +-
 .../action/UserDisableAvatarAction.class.php  |  2 +-
 .../UserDisableCoverPhotoAction.class.php     |  2 +-
 .../UserDisableSignatureAction.class.php      |  2 +-
 .../files/lib/data/user/UserAction.class.php  | 46 ++++++++-----------
 .../event/user/UserAvatarDisabled.class.php   | 21 +++++++++
 .../files/lib/event/user/UserBanned.class.php | 22 +++++++++
 .../user/UserCoverPhotoDisabled.class.php     | 21 +++++++++
 .../user/UserSignatureDisabled.class.php      | 21 +++++++++
 .../lib/system/user/command/BanUser.class.php | 20 ++++----
 .../user/command/DisableAvatar.class.php      | 20 ++++----
 .../user/command/DisableCoverPhoto.class.php  | 20 ++++----
 .../user/command/DisableSignature.class.php   | 20 ++++----
 13 files changed, 149 insertions(+), 70 deletions(-)
 create mode 100644 wcfsetup/install/files/lib/event/user/UserAvatarDisabled.class.php
 create mode 100644 wcfsetup/install/files/lib/event/user/UserBanned.class.php
 create mode 100644 wcfsetup/install/files/lib/event/user/UserCoverPhotoDisabled.class.php
 create mode 100644 wcfsetup/install/files/lib/event/user/UserSignatureDisabled.class.php

diff --git a/wcfsetup/install/files/lib/action/UserBanAction.class.php b/wcfsetup/install/files/lib/action/UserBanAction.class.php
index 5c72f17221..8f601ab8c9 100644
--- a/wcfsetup/install/files/lib/action/UserBanAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserBanAction.class.php
@@ -28,7 +28,7 @@ protected function performAction(UserProfile $userProfile, array $data): void
     {
         $reason = $data['reason'];
         if ($data['neverExpires']) {
-            $expires = null;
+            $expires = 0;
         } else {
             $expires = $data['expires'];
         }
diff --git a/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php b/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
index 1625c866ce..7cbe9b1d98 100644
--- a/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
@@ -28,7 +28,7 @@ protected function performAction(UserProfile $userProfile, array $data): void
     {
         $reason = $data['reason'];
         if ($data['neverExpires']) {
-            $expires = null;
+            $expires = 0;
         } else {
             $expires = $data['expires'];
         }
diff --git a/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php b/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
index 5ebd55ed05..fe2b626e2a 100644
--- a/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
@@ -28,7 +28,7 @@ protected function performAction(UserProfile $userProfile, array $data): void
     {
         $reason = $data['reason'];
         if ($data['neverExpires']) {
-            $expires = null;
+            $expires = 0;
         } else {
             $expires = $data['expires'];
         }
diff --git a/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php b/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
index b4cd72b539..b46e378894 100644
--- a/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
@@ -28,7 +28,7 @@ protected function performAction(UserProfile $userProfile, array $data): void
     {
         $reason = $data['reason'];
         if ($data['neverExpires']) {
-            $expires = null;
+            $expires = 0;
         } else {
             $expires = $data['expires'];
         }
diff --git a/wcfsetup/install/files/lib/data/user/UserAction.class.php b/wcfsetup/install/files/lib/data/user/UserAction.class.php
index f74ac389fa..18acf84675 100644
--- a/wcfsetup/install/files/lib/data/user/UserAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserAction.class.php
@@ -25,6 +25,9 @@
 use wcf\system\request\RequestHandler;
 use wcf\system\session\SessionHandler;
 use wcf\system\style\FontAwesomeIcon;
+use wcf\system\user\command\BanUser;
+use wcf\system\user\command\DisableAvatar;
+use wcf\system\user\command\DisableSignature;
 use wcf\system\user\group\assignment\UserGroupAssignmentHandler;
 use wcf\system\WCF;
 use wcf\util\UserRegistrationUtil;
@@ -225,9 +228,15 @@ public function validateUnban()
      * Bans users.
      *
      * @return string
+     *
+     * @deprecated 6.3 use `BanUser`
      */
     public function ban()
     {
+        if ($this->objects === []) {
+            $this->readObjects();
+        }
+
         $banExpires = $this->parameters['banExpires'];
         if ($banExpires) {
             $banExpires = \DateTimeImmutable::createFromFormat('!Y-m-d', $banExpires, new \DateTimeZone(\TIMEZONE))->getTimestamp();
@@ -238,22 +247,9 @@ public function ban()
             $banExpires = 0;
         }
 
-        $conditionBuilder = new PreparedStatementConditionBuilder();
-        $conditionBuilder->add('userID IN (?)', [$this->objectIDs]);
-
-        $sql = "UPDATE  wcf1_user
-                SET     banned = ?,
-                        banReason = ?,
-                        banExpires = ?
-                " . $conditionBuilder;
-        $statement = WCF::getDB()->prepare($sql);
-        $statement->execute(
-            \array_merge([
-                1,
-                $this->parameters['banReason'],
-                $banExpires,
-            ], $conditionBuilder->getParameters())
-        );
+        foreach ($this->getObjects() as $userEditor) {
+            (new BanUser($userEditor->getDecoratedObject(), $this->parameters['banReason'], $banExpires))();
+        }
 
         $this->unmarkItems();
 
@@ -896,6 +892,8 @@ public function validateDisableSignature()
      * Disables the signature of the handled users.
      *
      * @return void
+     *
+     * @deprecated 6.3 use `DisableSignature`
      */
     public function disableSignature()
     {
@@ -911,11 +909,7 @@ public function disableSignature()
         }
 
         foreach ($this->getObjects() as $userEditor) {
-            $userEditor->update([
-                'disableSignature' => 1,
-                'disableSignatureReason' => $this->parameters['disableSignatureReason'],
-                'disableSignatureExpires' => $disableSignatureExpires,
-            ]);
+            (new DisableSignature($userEditor->getDecoratedObject(), $this->parameters['disableSignatureReason'], $disableSignatureExpires))();
         }
     }
 
@@ -974,6 +968,8 @@ public function validateDisableAvatar()
      * Disables the avatar of the handled users.
      *
      * @return void
+     *
+     * @deprecated 6.3 use `DisableAvatar`
      */
     public function disableAvatar()
     {
@@ -989,11 +985,7 @@ public function disableAvatar()
         }
 
         foreach ($this->getObjects() as $userEditor) {
-            $userEditor->update([
-                'disableAvatar' => 1,
-                'disableAvatarReason' => $this->parameters['disableAvatarReason'],
-                'disableAvatarExpires' => $disableAvatarExpires,
-            ]);
+            (new DisableAvatar($userEditor->getDecoratedObject(), $this->parameters['disableAvatarReason'], $disableAvatarExpires))();
         }
     }
 
@@ -1016,6 +1008,8 @@ public function validateDisableCoverPhoto()
      *
      * @return void
      * @since   5.2
+     *
+     * @deprecated 6.3 use `DisableCoverPhoto`
      */
     public function disableCoverPhoto()
     {
diff --git a/wcfsetup/install/files/lib/event/user/UserAvatarDisabled.class.php b/wcfsetup/install/files/lib/event/user/UserAvatarDisabled.class.php
new file mode 100644
index 0000000000..1bbd4a325c
--- /dev/null
+++ b/wcfsetup/install/files/lib/event/user/UserAvatarDisabled.class.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace wcf\event\user;
+
+use wcf\data\user\User;
+use wcf\event\IPsr14Event;
+
+/**
+ * Indicates that a user's avatar has been disabled.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserAvatarDisabled implements IPsr14Event
+{
+    public function __construct(public readonly User $user)
+    {
+    }
+}
diff --git a/wcfsetup/install/files/lib/event/user/UserBanned.class.php b/wcfsetup/install/files/lib/event/user/UserBanned.class.php
new file mode 100644
index 0000000000..e2b8dfe265
--- /dev/null
+++ b/wcfsetup/install/files/lib/event/user/UserBanned.class.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace wcf\event\user;
+
+use wcf\data\user\User;
+use wcf\event\IPsr14Event;
+
+/**
+ * Indicates that a user has been banned.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserBanned implements IPsr14Event
+{
+    public function __construct(public readonly User $user)
+    {
+
+    }
+}
diff --git a/wcfsetup/install/files/lib/event/user/UserCoverPhotoDisabled.class.php b/wcfsetup/install/files/lib/event/user/UserCoverPhotoDisabled.class.php
new file mode 100644
index 0000000000..42958b668e
--- /dev/null
+++ b/wcfsetup/install/files/lib/event/user/UserCoverPhotoDisabled.class.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace wcf\event\user;
+
+use wcf\data\user\User;
+use wcf\event\IPsr14Event;
+
+/**
+ * Indicates that a user's cover photo has been disabled.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserCoverPhotoDisabled implements IPsr14Event
+{
+    public function __construct(public readonly User $user)
+    {
+    }
+}
diff --git a/wcfsetup/install/files/lib/event/user/UserSignatureDisabled.class.php b/wcfsetup/install/files/lib/event/user/UserSignatureDisabled.class.php
new file mode 100644
index 0000000000..1c56b33e31
--- /dev/null
+++ b/wcfsetup/install/files/lib/event/user/UserSignatureDisabled.class.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace wcf\event\user;
+
+use wcf\data\user\User;
+use wcf\event\IPsr14Event;
+
+/**
+ * Indicates that a user's signature has been disabled.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserSignatureDisabled implements IPsr14Event
+{
+    public function __construct(public readonly User $user)
+    {
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/user/command/BanUser.class.php b/wcfsetup/install/files/lib/system/user/command/BanUser.class.php
index c97e5557e0..8015964676 100644
--- a/wcfsetup/install/files/lib/system/user/command/BanUser.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/BanUser.class.php
@@ -3,8 +3,9 @@
 namespace wcf\system\user\command;
 
 use wcf\data\user\User;
-use wcf\data\user\UserAction;
-use wcf\util\DateUtil;
+use wcf\data\user\UserEditor;
+use wcf\event\user\UserBanned;
+use wcf\system\event\EventHandler;
 
 /**
  * Ban a user.
@@ -25,14 +26,13 @@ public function __construct(
 
     public function __invoke(): void
     {
-        $banExpires = null;
-        if ($this->banExpires !== null) {
-            $banExpires = DateUtil::getDateTimeByTimestamp($this->banExpires)->format('Y-m-d');
-        }
-
-        (new UserAction([$this->user], 'ban', [
+        (new UserEditor($this->user))->update([
+            'banned' => 1,
             'banReason' => $this->reason,
-            'banExpires' => $banExpires,
-        ]))->executeAction();
+            'banExpires' => $this->banExpires,
+        ]);
+
+        $event = new UserBanned($this->user);
+        EventHandler::getInstance()->fire($event);
     }
 }
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php b/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
index ecb0ab42bf..a1db1df1f5 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
@@ -3,8 +3,9 @@
 namespace wcf\system\user\command;
 
 use wcf\data\user\User;
-use wcf\data\user\UserAction;
-use wcf\util\DateUtil;
+use wcf\data\user\UserEditor;
+use wcf\event\user\UserAvatarDisabled;
+use wcf\system\event\EventHandler;
 
 /**
  * Disable a user's avatar.
@@ -25,14 +26,13 @@ public function __construct(
 
     public function __invoke(): void
     {
-        $expires = null;
-        if ($this->expires !== null) {
-            $expires = DateUtil::getDateTimeByTimestamp($this->expires)->format('Y-m-d');
-        }
-
-        (new UserAction([$this->user], 'disableAvatar', [
+        (new UserEditor($this->user))->update([
+            'disableAvatar' => 1,
             'disableAvatarReason' => $this->reason,
-            'disableAvatarExpires' => $expires,
-        ]))->executeAction();
+            'disableAvatarExpires' => $this->expires,
+        ]);
+
+        $event = new UserAvatarDisabled($this->user);
+        EventHandler::getInstance()->fire($event);
     }
 }
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php b/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
index e73e1b8c5b..9c1f184336 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
@@ -3,8 +3,9 @@
 namespace wcf\system\user\command;
 
 use wcf\data\user\User;
-use wcf\data\user\UserAction;
-use wcf\util\DateUtil;
+use wcf\data\user\UserEditor;
+use wcf\event\user\UserCoverPhotoDisabled;
+use wcf\system\event\EventHandler;
 
 /**
  * Disable a user's cover photo.
@@ -25,14 +26,13 @@ public function __construct(
 
     public function __invoke(): void
     {
-        $expires = null;
-        if ($this->expires !== null) {
-            $expires = DateUtil::getDateTimeByTimestamp($this->expires)->format('Y-m-d');
-        }
-
-        (new UserAction([$this->user], 'disableCoverPhoto', [
+        (new UserEditor($this->user))->update([
+            'disableCoverPhoto' => 1,
             'disableCoverPhotoReason' => $this->reason,
-            'disableCoverPhotoExpires' => $expires,
-        ]))->executeAction();
+            'disableCoverPhotoExpires' => $this->expires,
+        ]);
+
+        $event = new UserCoverPhotoDisabled($this->user);
+        EventHandler::getInstance()->fire($event);
     }
 }
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php b/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
index c169a7b7c5..0e9f5c0889 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
+++ b/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
@@ -3,8 +3,9 @@
 namespace wcf\system\user\command;
 
 use wcf\data\user\User;
-use wcf\data\user\UserAction;
-use wcf\util\DateUtil;
+use wcf\data\user\UserEditor;
+use wcf\event\user\UserSignatureDisabled;
+use wcf\system\event\EventHandler;
 
 /**
  * Disable a user's signature.
@@ -25,14 +26,13 @@ public function __construct(
 
     public function __invoke(): void
     {
-        $expires = null;
-        if ($this->expires !== null) {
-            $expires = DateUtil::getDateTimeByTimestamp($this->expires)->format('Y-m-d');
-        }
-
-        (new UserAction([$this->user], 'disableSignature', [
+        (new UserEditor($this->user))->update([
+            'disableSignature' => 1,
             'disableSignatureReason' => $this->reason,
-            'disableSignatureExpires' => $expires,
-        ]))->executeAction();
+            'disableSignatureExpires' => $this->expires,
+        ]);
+
+        $event = new UserSignatureDisabled($this->user);
+        EventHandler::getInstance()->fire($event);
     }
 }

From 2742ab55bbab3758356ed5e716ecef36b88a4385 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Wed, 30 Jul 2025 09:11:16 +0200
Subject: [PATCH 18/19] Deprecated UserAction methods to enable/unban a user
 and enable avatar, cover photos and signature. Move this functionality to a
 command. Implement events that are triggered when this action is performed.

---
 .../files/lib/data/user/UserAction.class.php  | 116 +++++-------------
 .../event/user/UserAvatarEnabled.class.php    |  21 ++++
 .../user/UserCoverPhotoEnabled.class.php      |  21 ++++
 .../lib/event/user/UserDisabled.class.php     |  21 ++++
 .../lib/event/user/UserEnabled.class.php      |  21 ++++
 .../event/user/UserSignatureEnabled.class.php |  21 ++++
 .../lib/event/user/UserUnbanned.class.php     |  21 ++++
 .../core/users/DisableUser.class.php          |   3 +-
 .../core/users/EnableUser.class.php           |   3 +-
 .../core/users/EnableUserAvatar.class.php     |   4 +-
 .../core/users/EnableUserCoverPhoto.class.php |   4 +-
 .../core/users/EnableUserSignature.class.php  |   4 +-
 .../controller/core/users/UnbanUser.class.php |   3 +-
 .../system/user/command/DisableUser.class.php |  58 +++++++++
 .../user/command/EnableAvatar.class.php       |  34 +++++
 .../user/command/EnableCoverPhoto.class.php   |  34 +++++
 .../user/command/EnableSignature.class.php    |  33 +++++
 .../system/user/command/EnableUser.class.php  |  91 ++++++++++++++
 .../system/user/command/UnbanUser.class.php   |  34 +++++
 19 files changed, 450 insertions(+), 97 deletions(-)
 create mode 100644 wcfsetup/install/files/lib/event/user/UserAvatarEnabled.class.php
 create mode 100644 wcfsetup/install/files/lib/event/user/UserCoverPhotoEnabled.class.php
 create mode 100644 wcfsetup/install/files/lib/event/user/UserDisabled.class.php
 create mode 100644 wcfsetup/install/files/lib/event/user/UserEnabled.class.php
 create mode 100644 wcfsetup/install/files/lib/event/user/UserSignatureEnabled.class.php
 create mode 100644 wcfsetup/install/files/lib/event/user/UserUnbanned.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/DisableUser.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/EnableUser.class.php
 create mode 100644 wcfsetup/install/files/lib/system/user/command/UnbanUser.class.php

diff --git a/wcfsetup/install/files/lib/data/user/UserAction.class.php b/wcfsetup/install/files/lib/data/user/UserAction.class.php
index 18acf84675..5fab218964 100644
--- a/wcfsetup/install/files/lib/data/user/UserAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserAction.class.php
@@ -28,9 +28,14 @@
 use wcf\system\user\command\BanUser;
 use wcf\system\user\command\DisableAvatar;
 use wcf\system\user\command\DisableSignature;
+use wcf\system\user\command\DisableUser;
+use wcf\system\user\command\EnableAvatar;
+use wcf\system\user\command\EnableCoverPhoto;
+use wcf\system\user\command\EnableSignature;
+use wcf\system\user\command\EnableUser;
+use wcf\system\user\command\UnbanUser;
 use wcf\system\user\group\assignment\UserGroupAssignmentHandler;
 use wcf\system\WCF;
-use wcf\util\UserRegistrationUtil;
 
 /**
  * Executes user-related actions.
@@ -262,23 +267,18 @@ public function ban()
      * Unbans users.
      *
      * @return void
+     *
+     * @deprecated 6.3 use `UnbanUser`
      */
     public function unban()
     {
-        $conditionBuilder = new PreparedStatementConditionBuilder();
-        $conditionBuilder->add('userID IN (?)', [$this->objectIDs]);
+        if ($this->objects === []) {
+            $this->readObjects();
+        }
 
-        $sql = "UPDATE  wcf1_user
-                SET     banned = ?,
-                        banExpires = ?
-                " . $conditionBuilder;
-        $statement = WCF::getDB()->prepare($sql);
-        $statement->execute(
-            \array_merge([
-                0,
-                0,
-            ], $conditionBuilder->getParameters())
-        );
+        foreach ($this->getObjects() as $userEditor) {
+            (new UnbanUser($userEditor->getDecoratedObject()))();
+        }
     }
 
     /**
@@ -759,6 +759,8 @@ public function unconfirmEmail()
      * Enables users.
      *
      * @return void
+     *
+     * @deprecated 6.3 use `EnableUser`
      */
     public function enable()
     {
@@ -766,52 +768,9 @@ public function enable()
             $this->readObjects();
         }
 
-        $data = [
-            'activationCode' => 0,
-            'blacklistMatches' => '',
-        ];
-
-        if (!((int)REGISTER_ACTIVATION_METHOD & User::REGISTER_ACTIVATION_USER)) {
-            $data['emailConfirmed'] = null;
-        }
-
-        $action = new self($this->objects, 'update', [
-            'data' => $data,
-            'removeGroups' => UserGroup::getGroupIDsByType([UserGroup::GUESTS]),
-        ]);
-        $action->executeAction();
-        $action = new self($this->objects, 'addToGroups', [
-            'groups' => UserGroup::getGroupIDsByType([UserGroup::USERS]),
-            'deleteOldGroups' => false,
-            'addDefaultGroups' => false,
-        ]);
-        $action->executeAction();
-
-        // send e-mail notification
-        if (empty($this->parameters['skipNotification'])) {
-            foreach ($this->getObjects() as $user) {
-                $email = new Email();
-                $email->setMessageID(\sprintf(
-                    'com.woltlab.wcf.adminActivation/%d/%d/%s',
-                    $user->userID,
-                    TIME_NOW,
-                    \bin2hex(\random_bytes(8))
-                ));
-                $email->addRecipient(new UserMailbox($user->getDecoratedObject()));
-                $email->setSubject($user->getLanguage()->getDynamicVariable('wcf.acp.user.activation.mail.subject'));
-                $email->setBody(new MimePartFacade([
-                    new RecipientAwareTextMimePart('text/html', 'email_adminActivation'),
-                    new RecipientAwareTextMimePart('text/plain', 'email_adminActivation'),
-                ]));
-                $email->send();
-            }
-        }
-
-        $userIDs = [];
         foreach ($this->getObjects() as $user) {
-            $userIDs[] = $user->userID;
+            (new EnableUser($user->getDecoratedObject(), $this->parameters['skipNotification'] ?? false))();
         }
-        UserGroupAssignmentHandler::getInstance()->checkUsers($userIDs);
 
         $this->unmarkItems();
     }
@@ -820,6 +779,8 @@ public function enable()
      * Disables users.
      *
      * @return void
+     *
+     * @deprecated 6.3 use `DisableUser`
      */
     public function disable()
     {
@@ -827,24 +788,9 @@ public function disable()
             $this->readObjects();
         }
 
-        // We reset the activationCode (which indicates, that the user is not enabled) AND disable the email
-        // confirm status, because if the user can enable himself by an email confirmation and we do not reset
-        // the email confirmed status, the behavior is undefined, because a user exists, which is not enabled
-        // but has a valid email address (Which doesn't usually happen).
-        $action = new self($this->objects, 'update', [
-            'data' => [
-                'activationCode' => UserRegistrationUtil::getActivationCode(),
-                'emailConfirmed' => Hex::encode(\random_bytes(20)),
-            ],
-            'removeGroups' => UserGroup::getGroupIDsByType([UserGroup::USERS]),
-        ]);
-        $action->executeAction();
-        $action = new self($this->objects, 'addToGroups', [
-            'groups' => UserGroup::getGroupIDsByType([UserGroup::GUESTS]),
-            'deleteOldGroups' => false,
-            'addDefaultGroups' => false,
-        ]);
-        $action->executeAction();
+        foreach ($this->getObjects() as $userEditor) {
+            (new DisableUser($userEditor->getDecoratedObject()))();
+        }
 
         $this->unmarkItems();
     }
@@ -937,6 +883,8 @@ public function validateEnableSignature()
      * Enables the signature of the handled users.
      *
      * @return void
+     *
+     * @deprecated 6.3 use `EnableSignature`
      */
     public function enableSignature()
     {
@@ -945,9 +893,7 @@ public function enableSignature()
         }
 
         foreach ($this->getObjects() as $userEditor) {
-            $userEditor->update([
-                'disableSignature' => 0,
-            ]);
+            (new EnableSignature($userEditor->getDecoratedObject()))();
         }
     }
 
@@ -1057,6 +1003,8 @@ public function validateEnableAvatar()
      * Enables the avatar of the handled users.
      *
      * @return void
+     *
+     * @deprecated 6.3 use `EnableAvatar`
      */
     public function enableAvatar()
     {
@@ -1065,9 +1013,7 @@ public function enableAvatar()
         }
 
         foreach ($this->getObjects() as $userEditor) {
-            $userEditor->update([
-                'disableAvatar' => 0,
-            ]);
+            (new EnableAvatar($userEditor->getDecoratedObject()))();
         }
     }
 
@@ -1097,6 +1043,8 @@ public function validateEnableCoverPhoto()
      *
      * @return void
      * @since   5.2
+     *
+     * @deprecated 6.3 use `EnableCoverPhoto`
      */
     public function enableCoverPhoto()
     {
@@ -1105,9 +1053,7 @@ public function enableCoverPhoto()
         }
 
         foreach ($this->getObjects() as $userEditor) {
-            $userEditor->update([
-                'disableCoverPhoto' => 0,
-            ]);
+            (new EnableCoverPhoto($userEditor->getDecoratedObject()))();
         }
     }
 
diff --git a/wcfsetup/install/files/lib/event/user/UserAvatarEnabled.class.php b/wcfsetup/install/files/lib/event/user/UserAvatarEnabled.class.php
new file mode 100644
index 0000000000..491b0df860
--- /dev/null
+++ b/wcfsetup/install/files/lib/event/user/UserAvatarEnabled.class.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace wcf\event\user;
+
+use wcf\data\user\User;
+use wcf\event\IPsr14Event;
+
+/**
+ * Indicates that a user's avatar has been enabled.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserAvatarEnabled implements IPsr14Event
+{
+    public function __construct(public readonly User $user)
+    {
+    }
+}
diff --git a/wcfsetup/install/files/lib/event/user/UserCoverPhotoEnabled.class.php b/wcfsetup/install/files/lib/event/user/UserCoverPhotoEnabled.class.php
new file mode 100644
index 0000000000..9c6fb19d22
--- /dev/null
+++ b/wcfsetup/install/files/lib/event/user/UserCoverPhotoEnabled.class.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace wcf\event\user;
+
+use wcf\data\user\User;
+use wcf\event\IPsr14Event;
+
+/**
+ * Indicates that a user's cover photo has been enabled.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserCoverPhotoEnabled implements IPsr14Event
+{
+    public function __construct(public readonly User $user)
+    {
+    }
+}
diff --git a/wcfsetup/install/files/lib/event/user/UserDisabled.class.php b/wcfsetup/install/files/lib/event/user/UserDisabled.class.php
new file mode 100644
index 0000000000..e1c258b734
--- /dev/null
+++ b/wcfsetup/install/files/lib/event/user/UserDisabled.class.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace wcf\event\user;
+
+use wcf\data\user\User;
+use wcf\event\IPsr14Event;
+
+/**
+ * Indicates that a user has been disabled.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserDisabled implements IPsr14Event
+{
+    public function __construct(public readonly User $user)
+    {
+    }
+}
diff --git a/wcfsetup/install/files/lib/event/user/UserEnabled.class.php b/wcfsetup/install/files/lib/event/user/UserEnabled.class.php
new file mode 100644
index 0000000000..0adf525db4
--- /dev/null
+++ b/wcfsetup/install/files/lib/event/user/UserEnabled.class.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace wcf\event\user;
+
+use wcf\data\user\User;
+use wcf\event\IPsr14Event;
+
+/**
+ * Indicates that a user has been enabled.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserEnabled implements IPsr14Event
+{
+    public function __construct(public readonly User $user)
+    {
+    }
+}
diff --git a/wcfsetup/install/files/lib/event/user/UserSignatureEnabled.class.php b/wcfsetup/install/files/lib/event/user/UserSignatureEnabled.class.php
new file mode 100644
index 0000000000..03c9cb4419
--- /dev/null
+++ b/wcfsetup/install/files/lib/event/user/UserSignatureEnabled.class.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace wcf\event\user;
+
+use wcf\data\user\User;
+use wcf\event\IPsr14Event;
+
+/**
+ * Indicates that a user's signature has been enabled.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserSignatureEnabled implements IPsr14Event
+{
+    public function __construct(public readonly User $user)
+    {
+    }
+}
diff --git a/wcfsetup/install/files/lib/event/user/UserUnbanned.class.php b/wcfsetup/install/files/lib/event/user/UserUnbanned.class.php
new file mode 100644
index 0000000000..9f79cf1cb4
--- /dev/null
+++ b/wcfsetup/install/files/lib/event/user/UserUnbanned.class.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace wcf\event\user;
+
+use wcf\data\user\User;
+use wcf\event\IPsr14Event;
+
+/**
+ * Indicates that a user has been unbanned.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UserUnbanned implements IPsr14Event
+{
+    public function __construct(public readonly User $user)
+    {
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php
index 01fda88514..466a2383ff 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php
@@ -7,7 +7,6 @@
 use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
-use wcf\data\user\UserAction;
 use wcf\http\Helper;
 use wcf\system\endpoint\IController;
 use wcf\system\endpoint\PostRequest;
@@ -34,7 +33,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertUserCanBeDisabled($user);
 
         if (!$user->pendingActivation()) {
-            (new UserAction([$user], 'disable'))->executeAction();
+            (new \wcf\system\user\command\DisableUser($user))();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php
index 5b9ef9b014..db42956b43 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php
@@ -7,7 +7,6 @@
 use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
-use wcf\data\user\UserAction;
 use wcf\http\Helper;
 use wcf\system\endpoint\IController;
 use wcf\system\endpoint\PostRequest;
@@ -34,7 +33,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertUserCanBeEnabled($user);
 
         if ($user->pendingActivation()) {
-            (new UserAction([$user], 'enable'))->executeAction();
+            (new \wcf\system\user\command\EnableUser($user))();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
index a11da31944..4f10c296b0 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
@@ -7,12 +7,12 @@
 use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
-use wcf\data\user\UserAction;
 use wcf\http\Helper;
 use wcf\system\endpoint\IController;
 use wcf\system\endpoint\PostRequest;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
+use wcf\system\user\command\EnableAvatar;
 use wcf\system\WCF;
 
 /**
@@ -34,7 +34,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertAvatarCanBeEnabled($user);
 
         if ($user->disableAvatar) {
-            (new UserAction([$user], 'enableAvatar'))->executeAction();
+            (new EnableAvatar($user))();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
index 28fe1cfa23..66682a9c32 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
@@ -7,12 +7,12 @@
 use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
-use wcf\data\user\UserAction;
 use wcf\http\Helper;
 use wcf\system\endpoint\IController;
 use wcf\system\endpoint\PostRequest;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
+use wcf\system\user\command\EnableCoverPhoto;
 use wcf\system\WCF;
 
 /**
@@ -34,7 +34,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertCoverPhotoCanBeEnabled($user);
 
         if ($user->disableCoverPhoto) {
-            (new UserAction([$user], 'enableCoverPhoto'))->executeAction();
+            (new EnableCoverPhoto($user))();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
index f5845433a0..912eff6f01 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
@@ -7,12 +7,12 @@
 use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
-use wcf\data\user\UserAction;
 use wcf\http\Helper;
 use wcf\system\endpoint\IController;
 use wcf\system\endpoint\PostRequest;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
+use wcf\system\user\command\EnableSignature;
 use wcf\system\WCF;
 
 /**
@@ -34,7 +34,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertSignatureCanBeEnabled($user);
 
         if ($user->disableSignature) {
-            (new UserAction([$user], 'enableSignature'))->executeAction();
+            (new EnableSignature($user))();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
index 2fb99f40a7..5abc846c93 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
@@ -7,7 +7,6 @@
 use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
-use wcf\data\user\UserAction;
 use wcf\http\Helper;
 use wcf\system\endpoint\IController;
 use wcf\system\endpoint\PostRequest;
@@ -34,7 +33,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertUserCanUnbanned($user);
 
         if ($user->banned) {
-            (new UserAction([$user], 'unban'))->executeAction();
+            (new \wcf\system\user\command\UnbanUser($user))();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableUser.class.php b/wcfsetup/install/files/lib/system/user/command/DisableUser.class.php
new file mode 100644
index 0000000000..3325d14ad8
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/DisableUser.class.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use ParagonIE\ConstantTime\Hex;
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\User;
+use wcf\data\user\UserAction;
+use wcf\data\user\UserEditor;
+use wcf\event\user\UserDisabled;
+use wcf\system\event\EventHandler;
+use wcf\util\UserRegistrationUtil;
+
+/**
+ * Disable a user.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class DisableUser
+{
+    public function __construct(
+        private readonly User $user,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        $this->resetActivationCode($this->user);
+        $this->addUserToGuestGroup($this->user);
+
+        $event = new UserDisabled($this->user);
+        EventHandler::getInstance()->fire($event);
+    }
+
+    private function addUserToGuestGroup(User $user): void
+    {
+        (new UserAction([$user], 'addToGroups', [
+            'groups' => UserGroup::getGroupIDsByType([UserGroup::GUESTS]),
+            'deleteOldGroups' => true,
+            'addDefaultGroups' => false,
+        ]))->executeAction();
+    }
+
+    private function resetActivationCode(User $user): void
+    {
+        // We reset the activationCode (which indicates, that the user is not enabled) AND disable the email
+        // confirm status, because if the user can enable himself by an email confirmation and we do not reset
+        // the email confirmed status, the behavior is undefined, because a user exists, which is not enabled
+        // but has a valid email address (Which doesn't usually happen).
+        (new UserEditor($user))->update([
+            'activationCode' => UserRegistrationUtil::getActivationCode(),
+            'emailConfirmed' => Hex::encode(\random_bytes(20)),
+        ]);
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php b/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php
new file mode 100644
index 0000000000..fb2fb61706
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+use wcf\event\user\UserAvatarEnabled;
+use wcf\system\event\EventHandler;
+
+/**
+ * Enable a user's avatar.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class EnableAvatar
+{
+    public function __construct(
+        private readonly User $user,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        (new UserEditor($this->user))->update([
+            'disableAvatar' => 0,
+        ]);
+
+        $event = new UserAvatarEnabled($this->user);
+        EventHandler::getInstance()->fire($event);
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php b/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php
new file mode 100644
index 0000000000..7518d8b466
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+use wcf\event\user\UserCoverPhotoEnabled;
+use wcf\system\event\EventHandler;
+
+/**
+ * Enable a user's cover photo.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class EnableCoverPhoto
+{
+    public function __construct(
+        private readonly User $user,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        (new UserEditor($this->user))->update([
+            'disableCoverPhoto' => 0,
+        ]);
+
+        $event = new UserCoverPhotoEnabled($this->user);
+        EventHandler::getInstance()->fire($event);
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php b/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php
new file mode 100644
index 0000000000..0ebfbdbe10
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+use wcf\event\user\UserSignatureEnabled;
+use wcf\system\event\EventHandler;
+
+/**
+ * Enable a user's signature.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class EnableSignature
+{
+    public function __construct(private readonly User $user)
+    {
+    }
+
+    public function __invoke(): void
+    {
+        (new UserEditor($this->user))->update([
+            'disableSignature' => 0,
+        ]);
+
+        $event = new UserSignatureEnabled($this->user);
+        EventHandler::getInstance()->fire($event);
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableUser.class.php b/wcfsetup/install/files/lib/system/user/command/EnableUser.class.php
new file mode 100644
index 0000000000..b3d2ab36fd
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/EnableUser.class.php
@@ -0,0 +1,91 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\group\UserGroup;
+use wcf\data\user\User;
+use wcf\data\user\UserAction;
+use wcf\data\user\UserEditor;
+use wcf\event\user\UserEnabled;
+use wcf\system\email\Email;
+use wcf\system\email\mime\MimePartFacade;
+use wcf\system\email\mime\RecipientAwareTextMimePart;
+use wcf\system\email\UserMailbox;
+use wcf\system\event\EventHandler;
+use wcf\system\user\group\assignment\UserGroupAssignmentHandler;
+
+/**
+ * Enable a user.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class EnableUser
+{
+    public function __construct(
+        private readonly User $user,
+        public readonly bool $skipNotification = false,
+    ) {
+    }
+
+    public function __invoke(): void
+    {
+        $this->activateUser($this->user);
+        $this->addUserToUserGroup($this->user);
+        $this->sendEmailNotification($this->user);
+
+        UserGroupAssignmentHandler::getInstance()->checkUsers([$this->user->userID]);
+
+        $event = new UserEnabled($this->user);
+        EventHandler::getInstance()->fire($event);
+    }
+
+    private function sendEmailNotification(User $user): void
+    {
+        if ($this->skipNotification) {
+            return;
+        }
+
+        $email = new Email();
+        $email->setMessageID(
+            \sprintf(
+                'com.woltlab.wcf.adminActivation/%d/%d/%s',
+                $user->userID,
+                TIME_NOW,
+                \bin2hex(\random_bytes(8))
+            )
+        );
+        $email->addRecipient(new UserMailbox($user));
+        $email->setSubject($user->getLanguage()->getDynamicVariable('wcf.acp.user.activation.mail.subject'));
+        $email->setBody(new MimePartFacade([
+            new RecipientAwareTextMimePart('text/html', 'email_adminActivation'),
+            new RecipientAwareTextMimePart('text/plain', 'email_adminActivation'),
+        ]));
+        $email->send();
+    }
+
+    private function addUserToUserGroup(User $user): void
+    {
+        (new UserAction([$user], 'addToGroups', [
+            'groups' => UserGroup::getGroupIDsByType([UserGroup::USERS]),
+            'deleteOldGroups' => true,
+            'addDefaultGroups' => false,
+        ]))->executeAction();
+    }
+
+    private function activateUser(User $user): void
+    {
+        $data = [
+            'activationCode' => 0,
+            'blacklistMatches' => '',
+        ];
+
+        if (!((int)REGISTER_ACTIVATION_METHOD & User::REGISTER_ACTIVATION_USER)) {
+            $data['emailConfirmed'] = null;
+        }
+
+        (new UserEditor($user))->update($data);
+    }
+}
diff --git a/wcfsetup/install/files/lib/system/user/command/UnbanUser.class.php b/wcfsetup/install/files/lib/system/user/command/UnbanUser.class.php
new file mode 100644
index 0000000000..c8fd6d9055
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/command/UnbanUser.class.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace wcf\system\user\command;
+
+use wcf\data\user\User;
+use wcf\data\user\UserEditor;
+use wcf\event\user\UserUnbanned;
+use wcf\system\event\EventHandler;
+
+/**
+ * Unban a user.
+ *
+ * @author Olaf Braun
+ * @copyright 2001-2025 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.3
+ */
+final class UnbanUser
+{
+    public function __construct(private readonly User $user)
+    {
+    }
+
+    public function __invoke(): void
+    {
+        (new UserEditor($this->user))->update([
+            'banned' => 0,
+            'banExpires' => 0,
+        ]);
+
+        $event = new UserUnbanned($this->user);
+        EventHandler::getInstance()->fire($event);
+    }
+}

From 0b44359b570b4f066c9eb8e44c0c4d8206a56592 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Fri, 15 Aug 2025 10:19:20 +0200
Subject: [PATCH 19/19] Move user commands to `wcf\command\user`

---
 .../files/lib/action/UserBanAction.class.php   |  2 +-
 .../action/UserDisableAvatarAction.class.php   |  2 +-
 .../UserDisableCoverPhotoAction.class.php      |  2 +-
 .../UserDisableSignatureAction.class.php       |  2 +-
 .../command => command/user}/BanUser.class.php |  2 +-
 .../user}/DisableAvatar.class.php              |  5 ++---
 .../user}/DisableCoverPhoto.class.php          |  5 ++---
 .../user}/DisableSignature.class.php           |  5 ++---
 .../user}/DisableUser.class.php                |  5 ++---
 .../user}/EnableAvatar.class.php               |  5 ++---
 .../user}/EnableCoverPhoto.class.php           |  5 ++---
 .../user}/EnableSignature.class.php            |  6 ++----
 .../user}/EnableUser.class.php                 |  5 ++---
 .../user}/UnbanUser.class.php                  |  6 ++----
 .../files/lib/data/user/UserAction.class.php   | 18 +++++++++---------
 .../core/users/DisableUser.class.php           |  2 +-
 .../controller/core/users/EnableUser.class.php |  2 +-
 .../core/users/EnableUserAvatar.class.php      |  2 +-
 .../core/users/EnableUserCoverPhoto.class.php  |  2 +-
 .../core/users/EnableUserSignature.class.php   |  2 +-
 .../controller/core/users/UnbanUser.class.php  |  2 +-
 21 files changed, 38 insertions(+), 49 deletions(-)
 rename wcfsetup/install/files/lib/{system/user/command => command/user}/BanUser.class.php (96%)
 rename wcfsetup/install/files/lib/{system/user/command => command/user}/DisableAvatar.class.php (94%)
 rename wcfsetup/install/files/lib/{system/user/command => command/user}/DisableCoverPhoto.class.php (94%)
 rename wcfsetup/install/files/lib/{system/user/command => command/user}/DisableSignature.class.php (94%)
 rename wcfsetup/install/files/lib/{system/user/command => command/user}/DisableUser.class.php (97%)
 rename wcfsetup/install/files/lib/{system/user/command => command/user}/EnableAvatar.class.php (93%)
 rename wcfsetup/install/files/lib/{system/user/command => command/user}/EnableCoverPhoto.class.php (93%)
 rename wcfsetup/install/files/lib/{system/user/command => command/user}/EnableSignature.class.php (85%)
 rename wcfsetup/install/files/lib/{system/user/command => command/user}/EnableUser.class.php (98%)
 rename wcfsetup/install/files/lib/{system/user/command => command/user}/UnbanUser.class.php (85%)

diff --git a/wcfsetup/install/files/lib/action/UserBanAction.class.php b/wcfsetup/install/files/lib/action/UserBanAction.class.php
index 8f601ab8c9..116fa6846e 100644
--- a/wcfsetup/install/files/lib/action/UserBanAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserBanAction.class.php
@@ -2,6 +2,7 @@
 
 namespace wcf\action;
 
+use wcf\command\user\BanUser;
 use wcf\data\user\UserProfile;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
@@ -10,7 +11,6 @@
 use wcf\system\form\builder\field\dependency\EmptyFormFieldDependency;
 use wcf\system\form\builder\field\MultilineTextFormField;
 use wcf\system\form\builder\Psr15DialogForm;
-use wcf\system\user\command\BanUser;
 use wcf\system\WCF;
 
 /**
diff --git a/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php b/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
index 7cbe9b1d98..def03c989f 100644
--- a/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableAvatarAction.class.php
@@ -2,6 +2,7 @@
 
 namespace wcf\action;
 
+use wcf\command\user\DisableAvatar;
 use wcf\data\user\UserProfile;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
@@ -10,7 +11,6 @@
 use wcf\system\form\builder\field\dependency\EmptyFormFieldDependency;
 use wcf\system\form\builder\field\MultilineTextFormField;
 use wcf\system\form\builder\Psr15DialogForm;
-use wcf\system\user\command\DisableAvatar;
 use wcf\system\WCF;
 
 /**
diff --git a/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php b/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
index fe2b626e2a..9cd57fe9d4 100644
--- a/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableCoverPhotoAction.class.php
@@ -2,6 +2,7 @@
 
 namespace wcf\action;
 
+use wcf\command\user\DisableCoverPhoto;
 use wcf\data\user\UserProfile;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
@@ -10,7 +11,6 @@
 use wcf\system\form\builder\field\dependency\EmptyFormFieldDependency;
 use wcf\system\form\builder\field\MultilineTextFormField;
 use wcf\system\form\builder\Psr15DialogForm;
-use wcf\system\user\command\DisableCoverPhoto;
 use wcf\system\WCF;
 
 /**
diff --git a/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php b/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
index b46e378894..49baaecfb0 100644
--- a/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
+++ b/wcfsetup/install/files/lib/action/UserDisableSignatureAction.class.php
@@ -2,6 +2,7 @@
 
 namespace wcf\action;
 
+use wcf\command\user\DisableSignature;
 use wcf\data\user\UserProfile;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
@@ -10,7 +11,6 @@
 use wcf\system\form\builder\field\dependency\EmptyFormFieldDependency;
 use wcf\system\form\builder\field\MultilineTextFormField;
 use wcf\system\form\builder\Psr15DialogForm;
-use wcf\system\user\command\DisableSignature;
 use wcf\system\WCF;
 
 /**
diff --git a/wcfsetup/install/files/lib/system/user/command/BanUser.class.php b/wcfsetup/install/files/lib/command/user/BanUser.class.php
similarity index 96%
rename from wcfsetup/install/files/lib/system/user/command/BanUser.class.php
rename to wcfsetup/install/files/lib/command/user/BanUser.class.php
index 8015964676..150ef94186 100644
--- a/wcfsetup/install/files/lib/system/user/command/BanUser.class.php
+++ b/wcfsetup/install/files/lib/command/user/BanUser.class.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace wcf\system\user\command;
+namespace wcf\command\user;
 
 use wcf\data\user\User;
 use wcf\data\user\UserEditor;
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php b/wcfsetup/install/files/lib/command/user/DisableAvatar.class.php
similarity index 94%
rename from wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
rename to wcfsetup/install/files/lib/command/user/DisableAvatar.class.php
index a1db1df1f5..0675dc1339 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableAvatar.class.php
+++ b/wcfsetup/install/files/lib/command/user/DisableAvatar.class.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace wcf\system\user\command;
+namespace wcf\command\user;
 
 use wcf\data\user\User;
 use wcf\data\user\UserEditor;
@@ -21,8 +21,7 @@ public function __construct(
         private readonly User $user,
         private readonly string $reason,
         private readonly int $expires = 0,
-    ) {
-    }
+    ) {}
 
     public function __invoke(): void
     {
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php b/wcfsetup/install/files/lib/command/user/DisableCoverPhoto.class.php
similarity index 94%
rename from wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
rename to wcfsetup/install/files/lib/command/user/DisableCoverPhoto.class.php
index 9c1f184336..a417212406 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableCoverPhoto.class.php
+++ b/wcfsetup/install/files/lib/command/user/DisableCoverPhoto.class.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace wcf\system\user\command;
+namespace wcf\command\user;
 
 use wcf\data\user\User;
 use wcf\data\user\UserEditor;
@@ -21,8 +21,7 @@ public function __construct(
         private readonly User $user,
         private readonly string $reason,
         private readonly int $expires = 0,
-    ) {
-    }
+    ) {}
 
     public function __invoke(): void
     {
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php b/wcfsetup/install/files/lib/command/user/DisableSignature.class.php
similarity index 94%
rename from wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
rename to wcfsetup/install/files/lib/command/user/DisableSignature.class.php
index 0e9f5c0889..0168f0c037 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableSignature.class.php
+++ b/wcfsetup/install/files/lib/command/user/DisableSignature.class.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace wcf\system\user\command;
+namespace wcf\command\user;
 
 use wcf\data\user\User;
 use wcf\data\user\UserEditor;
@@ -21,8 +21,7 @@ public function __construct(
         private readonly User $user,
         private readonly string $reason,
         private readonly int $expires = 0,
-    ) {
-    }
+    ) {}
 
     public function __invoke(): void
     {
diff --git a/wcfsetup/install/files/lib/system/user/command/DisableUser.class.php b/wcfsetup/install/files/lib/command/user/DisableUser.class.php
similarity index 97%
rename from wcfsetup/install/files/lib/system/user/command/DisableUser.class.php
rename to wcfsetup/install/files/lib/command/user/DisableUser.class.php
index 3325d14ad8..4b1d0efab7 100644
--- a/wcfsetup/install/files/lib/system/user/command/DisableUser.class.php
+++ b/wcfsetup/install/files/lib/command/user/DisableUser.class.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace wcf\system\user\command;
+namespace wcf\command\user;
 
 use ParagonIE\ConstantTime\Hex;
 use wcf\data\user\group\UserGroup;
@@ -23,8 +23,7 @@ final class DisableUser
 {
     public function __construct(
         private readonly User $user,
-    ) {
-    }
+    ) {}
 
     public function __invoke(): void
     {
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php b/wcfsetup/install/files/lib/command/user/EnableAvatar.class.php
similarity index 93%
rename from wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php
rename to wcfsetup/install/files/lib/command/user/EnableAvatar.class.php
index fb2fb61706..21d6f3770e 100644
--- a/wcfsetup/install/files/lib/system/user/command/EnableAvatar.class.php
+++ b/wcfsetup/install/files/lib/command/user/EnableAvatar.class.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace wcf\system\user\command;
+namespace wcf\command\user;
 
 use wcf\data\user\User;
 use wcf\data\user\UserEditor;
@@ -19,8 +19,7 @@ final class EnableAvatar
 {
     public function __construct(
         private readonly User $user,
-    ) {
-    }
+    ) {}
 
     public function __invoke(): void
     {
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php b/wcfsetup/install/files/lib/command/user/EnableCoverPhoto.class.php
similarity index 93%
rename from wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php
rename to wcfsetup/install/files/lib/command/user/EnableCoverPhoto.class.php
index 7518d8b466..0514cc31bf 100644
--- a/wcfsetup/install/files/lib/system/user/command/EnableCoverPhoto.class.php
+++ b/wcfsetup/install/files/lib/command/user/EnableCoverPhoto.class.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace wcf\system\user\command;
+namespace wcf\command\user;
 
 use wcf\data\user\User;
 use wcf\data\user\UserEditor;
@@ -19,8 +19,7 @@ final class EnableCoverPhoto
 {
     public function __construct(
         private readonly User $user,
-    ) {
-    }
+    ) {}
 
     public function __invoke(): void
     {
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php b/wcfsetup/install/files/lib/command/user/EnableSignature.class.php
similarity index 85%
rename from wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php
rename to wcfsetup/install/files/lib/command/user/EnableSignature.class.php
index 0ebfbdbe10..c9cb038810 100644
--- a/wcfsetup/install/files/lib/system/user/command/EnableSignature.class.php
+++ b/wcfsetup/install/files/lib/command/user/EnableSignature.class.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace wcf\system\user\command;
+namespace wcf\command\user;
 
 use wcf\data\user\User;
 use wcf\data\user\UserEditor;
@@ -17,9 +17,7 @@
  */
 final class EnableSignature
 {
-    public function __construct(private readonly User $user)
-    {
-    }
+    public function __construct(private readonly User $user) {}
 
     public function __invoke(): void
     {
diff --git a/wcfsetup/install/files/lib/system/user/command/EnableUser.class.php b/wcfsetup/install/files/lib/command/user/EnableUser.class.php
similarity index 98%
rename from wcfsetup/install/files/lib/system/user/command/EnableUser.class.php
rename to wcfsetup/install/files/lib/command/user/EnableUser.class.php
index b3d2ab36fd..ec2e9be6da 100644
--- a/wcfsetup/install/files/lib/system/user/command/EnableUser.class.php
+++ b/wcfsetup/install/files/lib/command/user/EnableUser.class.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace wcf\system\user\command;
+namespace wcf\command\user;
 
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
@@ -27,8 +27,7 @@ final class EnableUser
     public function __construct(
         private readonly User $user,
         public readonly bool $skipNotification = false,
-    ) {
-    }
+    ) {}
 
     public function __invoke(): void
     {
diff --git a/wcfsetup/install/files/lib/system/user/command/UnbanUser.class.php b/wcfsetup/install/files/lib/command/user/UnbanUser.class.php
similarity index 85%
rename from wcfsetup/install/files/lib/system/user/command/UnbanUser.class.php
rename to wcfsetup/install/files/lib/command/user/UnbanUser.class.php
index c8fd6d9055..b3b6d371fe 100644
--- a/wcfsetup/install/files/lib/system/user/command/UnbanUser.class.php
+++ b/wcfsetup/install/files/lib/command/user/UnbanUser.class.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace wcf\system\user\command;
+namespace wcf\command\user;
 
 use wcf\data\user\User;
 use wcf\data\user\UserEditor;
@@ -17,9 +17,7 @@
  */
 final class UnbanUser
 {
-    public function __construct(private readonly User $user)
-    {
-    }
+    public function __construct(private readonly User $user) {}
 
     public function __invoke(): void
     {
diff --git a/wcfsetup/install/files/lib/data/user/UserAction.class.php b/wcfsetup/install/files/lib/data/user/UserAction.class.php
index 5fab218964..9603b77c61 100644
--- a/wcfsetup/install/files/lib/data/user/UserAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserAction.class.php
@@ -3,6 +3,15 @@
 namespace wcf\data\user;
 
 use ParagonIE\ConstantTime\Hex;
+use wcf\command\user\BanUser;
+use wcf\command\user\DisableAvatar;
+use wcf\command\user\DisableSignature;
+use wcf\command\user\DisableUser;
+use wcf\command\user\EnableAvatar;
+use wcf\command\user\EnableCoverPhoto;
+use wcf\command\user\EnableSignature;
+use wcf\command\user\EnableUser;
+use wcf\command\user\UnbanUser;
 use wcf\data\AbstractDatabaseObjectAction;
 use wcf\data\file\FileAction;
 use wcf\data\IClipboardAction;
@@ -25,15 +34,6 @@
 use wcf\system\request\RequestHandler;
 use wcf\system\session\SessionHandler;
 use wcf\system\style\FontAwesomeIcon;
-use wcf\system\user\command\BanUser;
-use wcf\system\user\command\DisableAvatar;
-use wcf\system\user\command\DisableSignature;
-use wcf\system\user\command\DisableUser;
-use wcf\system\user\command\EnableAvatar;
-use wcf\system\user\command\EnableCoverPhoto;
-use wcf\system\user\command\EnableSignature;
-use wcf\system\user\command\EnableUser;
-use wcf\system\user\command\UnbanUser;
 use wcf\system\user\group\assignment\UserGroupAssignmentHandler;
 use wcf\system\WCF;
 
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php
index 466a2383ff..10cbaf08f6 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/DisableUser.class.php
@@ -33,7 +33,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertUserCanBeDisabled($user);
 
         if (!$user->pendingActivation()) {
-            (new \wcf\system\user\command\DisableUser($user))();
+            (new \wcf\command\user\DisableUser($user))();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php
index db42956b43..d55e46856c 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUser.class.php
@@ -33,7 +33,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertUserCanBeEnabled($user);
 
         if ($user->pendingActivation()) {
-            (new \wcf\system\user\command\EnableUser($user))();
+            (new \wcf\command\user\EnableUser($user))();
         }
 
         return new JsonResponse([]);
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
index 4f10c296b0..b0a180ec00 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserAvatar.class.php
@@ -5,6 +5,7 @@
 use Laminas\Diactoros\Response\JsonResponse;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use wcf\command\user\EnableAvatar;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
 use wcf\http\Helper;
@@ -12,7 +13,6 @@
 use wcf\system\endpoint\PostRequest;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
-use wcf\system\user\command\EnableAvatar;
 use wcf\system\WCF;
 
 /**
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
index 66682a9c32..8de36634f6 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserCoverPhoto.class.php
@@ -5,6 +5,7 @@
 use Laminas\Diactoros\Response\JsonResponse;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use wcf\command\user\EnableCoverPhoto;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
 use wcf\http\Helper;
@@ -12,7 +13,6 @@
 use wcf\system\endpoint\PostRequest;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
-use wcf\system\user\command\EnableCoverPhoto;
 use wcf\system\WCF;
 
 /**
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
index 912eff6f01..6626244e6e 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/EnableUserSignature.class.php
@@ -5,6 +5,7 @@
 use Laminas\Diactoros\Response\JsonResponse;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use wcf\command\user\EnableSignature;
 use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
 use wcf\http\Helper;
@@ -12,7 +13,6 @@
 use wcf\system\endpoint\PostRequest;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
-use wcf\system\user\command\EnableSignature;
 use wcf\system\WCF;
 
 /**
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
index 5abc846c93..e7a7c0d05c 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/users/UnbanUser.class.php
@@ -33,7 +33,7 @@ public function __invoke(ServerRequestInterface $request, array $variables): Res
         $this->assertUserCanUnbanned($user);
 
         if ($user->banned) {
-            (new \wcf\system\user\command\UnbanUser($user))();
+            (new \wcf\command\user\UnbanUser($user))();
         }
 
         return new JsonResponse([]);