Explicitly adds/removes rights, makes possible to remove all rights

app/pages/profile.php

@@ -91,13 +91,20 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     ];
     $result = $userObject->editUser($userId, $updatedUser);
     if ($result === true) {
-        Feedback::flash('NOTICE', 'DEFAULT', "User details for \"{$updatedUser['name']}\" are edited.");
+        Feedback::flash('NOTICE', 'DEFAULT', "User details for \"{$userDetails[0]['username']}\" are edited.");
     } else {
         Feedback::flash('ERROR', 'DEFAULT', "Editing the user details failed. Error: $result");
     }
 
     // update the rights
-    if (isset($_POST['rights'])) {
+    // Get current rights IDs
+    $userRightsIds = array_column($userRights, 'right_id');
+
+    // If no rights are selected, remove all rights
+    if (!isset($_POST['rights'])) {
+        $_POST['rights'] = [];
+    }
+
     $validator = new Validator(['rights' => $_POST['rights']]);
     $rules = [
         'rights' => [
@@ -112,8 +119,6 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     }
 
     $newRights = $_POST['rights'];
-        // extract the new right_ids
-        $userRightsIds = array_column($userRights, 'right_id');
     // what rights we need to add
     $rightsToAdd = array_diff($newRights, $userRightsIds);
     if (!empty($rightsToAdd)) {
@@ -128,7 +133,6 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $userObject->removeUserRight($userId, $rightId);
         }
     }
-    }
 
     // update the avatar
     if (!empty($_FILES['avatar_file']['tmp_name'])) {