diff --git a/src/app/user/controllers/SignatureController.php b/src/app/user/controllers/SignatureController.php
index 36561906c1608b0e5b4ba3a4a5cd6846cead6722..b342b88f410457c192c6b4c4aa7dd1711c104473 100755
--- a/src/app/user/controllers/SignatureController.php
+++ b/src/app/user/controllers/SignatureController.php
@@ -223,6 +223,10 @@ class SignatureController
 return $response->withStatus(403)->withJson(['errors' => 'Privilege forbidden']);
 }
 
+if (!UserController::hasRightByUserId(['activeUserId' => $GLOBALS['id'], 'targetUserId' => $args['id']]) && $GLOBALS['id'] !== intval($args['id'])) {
+return $response->withStatus(403)->withJson(['errors' => 'Privilege forbidden']);
+}
+
 $user = UserModel::getById(['select' => [1], 'id' => $args['id']]);
 if (empty($user)) {
 return $response->withStatus(400)->withJson(['errors' => 'User does not exist']);
diff --git a/src/app/user/controllers/UserController.php b/src/app/user/controllers/UserController.php
index ae060a9498c0db49328a9440e8c23fa9d756cdc5..e9b83b6b05de1df51dd2e55e8e9d01c33d802dce 100755
--- a/src/app/user/controllers/UserController.php
+++ b/src/app/user/controllers/UserController.php
@@ -118,8 +118,10 @@ class UserController
 if ($GLOBALS['id'] != $args['id']) {
 $groupsIds = array_values(array_intersect($groupsIds, array_column(UserController::getManageableGroups(['userId' => $GLOBALS['id']]), 'id')));
 }
-$groups = GroupModel::get(['select' => ['label', 'id'], 'where' => ['id in (?)'], 'data' => [$groupsIds]]);
-$user['groups'] = $groups;
+if(!empty($groupsIds)){
+$groups = GroupModel::get(['select' => ['label', 'id'], 'where' => ['id in (?)'], 'data' => [$groupsIds]]);
+$user['groups'] = $groups;
+}
 } else {
 $user = UserModel::getById(['select' => ['id', 'firstname', 'lastname', 'email', 'phone', 'substitute'], 'id' => $args['id']]);
 }
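Review bot: The new guard calls `UserController::hasRightByUserId(...)` before the self check `$GLOBALS['id'] !== intval($args['id'])`, so the group-right lookup runs even when a user acts on their own account, and the strict `!==` silently denies the self case if `$GLOBALS['id']` is ever a numeric string rather than an int (not verifiable from this hunk; the UserController hunk in the same commit compares the same pair with loose `!=`, which suggests the type is not pinned down). Putting the cheap comparison first and casting both sides keeps the fail-closed behaviour while making the intent explicit: `if ((int) $GLOBALS['id'] !== (int) $args['id'] && !UserController::hasRightByUserId(['activeUserId' => $GLOBALS['id'], 'targetUserId' => $args['id']])) {`. Ordering the check ahead of the `UserModel::getById` existence lookup is right, since an unauthorised caller then cannot distinguish existing from missing ids. The enclosing method starts before the hunk, so whether `$args['id']` was already validated as an integer is not visible here.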
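Review bot: When `$groupsIds` is empty the new guard skips both assignments, so `$user['groups']` is no longer present in the returned user, whereas before the commit it was always set from the `GroupModel::get` result; a consumer reading that key now hits an undefined index instead of an empty list. Initialise the key before the guard, `$user['groups'] = [];`, and keep the lookup inside `if (!empty($groupsIds)) {` (with PSR-12 spacing around the parentheses and brace). The guard itself is worth keeping because it avoids issuing an `id in (?)` query with an empty list. The enclosing method begins and ends outside the hunk.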
@@ -224,7 +226,7 @@ class UserController
 if (!Validator::intVal()->notEmpty()->validate($args['id'])) {
 return $response->withStatus(400)->withJson(['errors' => 'Route id is not an integer']);
 }
-
+
 $connection = ConfigurationModel::getConnection();
 if (($GLOBALS['id'] != $args['id'] || $connection != 'default') && !UserController::hasRightByUserId(['activeUserId' => $GLOBALS['id'], 'targetUserId' => $args['id']])) {
 return $response->withStatus(403)->withJson(['errors' => 'Privilege forbidden']);
@@ -255,7 +257,7 @@ class UserController
 'firstname' => $body['firstname'],
 'lastname' => $body['lastname'],
 'email' => $body['email'],
-'phone' => $body['phone'] ?? null,
+'phone' => $body['phone'] ?? null,
 'signature_modes' => []
 ];