task: improve non-admin update user

pimcore · May 16, 2023 · c8f37b1 · c8f37b1
1 parent 5811675
commit c8f37b1
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/bundles/AdminBundle/Controller/Admin/UserController.php b/bundles/AdminBundle/Controller/Admin/UserController.php
@@ -287,12 +287,13 @@ public function deleteAction(Request $request)
     public function updateAction(Request $request)
     {
         $user = User\UserRole::getById((int)$request->get('id'));
+        $currentUserIsAdmin = $this->getAdminUser()->isAdmin();
 
         if (!$user) {
             throw $this->createNotFoundException();
         }
 
-        if ($user instanceof User && $user->isAdmin() && !$this->getAdminUser()->isAdmin()) {
+        if ($user instanceof User && $user->isAdmin() && !$currentUserIsAdmin) {
             throw $this->createAccessDeniedHttpException('Only admin users are allowed to modify admin users');
         }
 
@@ -325,7 +326,7 @@ public function updateAction(Request $request)
 
             // only admins are allowed to create admin users
             // if the logged in user isn't an admin, set admin always to false
-            if ($user instanceof User && !$this->getAdminUser()->isAdmin()) {
+            if ($user instanceof User && !$currentUserIsAdmin) {
                 $user->setAdmin(false);
             }