From c8f37b19c99cd82e4e558857d3e4d5476ea7228a Mon Sep 17 00:00:00 2001
From: JiaJia Ji
Date: Tue, 16 May 2023 10:55:11 +0200
Subject: [PATCH] task: improve non-admin update user

---
 bundles/AdminBundle/Controller/Admin/UserController.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/bundles/AdminBundle/Controller/Admin/UserController.php b/bundles/AdminBundle/Controller/Admin/UserController.php
index ee709030091..b1802b225c7 100644
--- a/bundles/AdminBundle/Controller/Admin/UserController.php
+++ b/bundles/AdminBundle/Controller/Admin/UserController.php
@@ -287,12 +287,13 @@ public function deleteAction(Request $request)
 public function updateAction(Request $request)
 {
 $user = User\UserRole::getById((int)$request->get('id'));
+ $currentUserIsAdmin = $this->getAdminUser()->isAdmin();

 if (!$user) {
 throw $this->createNotFoundException();
 }

- if ($user instanceof User && $user->isAdmin() && !$this->getAdminUser()->isAdmin()) {
+ if ($user instanceof User && $user->isAdmin() && !$currentUserIsAdmin) {
 throw $this->createAccessDeniedHttpException('Only admin users are allowed to modify admin users');
 }

@@ -325,7 +326,7 @@ public function updateAction(Request $request)

 // only admins are allowed to create admin users
 // if the logged in user isn't an admin, set admin always to false
- if ($user instanceof User && !$this->getAdminUser()->isAdmin()) {
+ if ($user instanceof User && !$currentUserIsAdmin) {
 $user->setAdmin(false);
 }

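Review bot: The new `$currentUserIsAdmin` assignment at the top of updateAction carries no comment explaining why the caller's admin status is captured before anything else, and that ordering looks like the whole point of the change. The lines between the two hunks are not shown, but if they apply request data to `$user`, and `$user` can be the logged-in user's own object, a later `$this->getAdminUser()->isAdmin()` call would read state the request has already influenced. I would add `// Snapshot the caller's admin status before any request data is applied to $user; do not re-evaluate it later in this action.` above the assignment so a future cleanup does not inline the call again. updateAction continues past the end of this hunk.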
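Review bot: The non-admin branch in this second hunk still corrects the request silently: `$user->setAdmin(false)` runs and the update proceeds, so nothing records that a non-admin submitted a change touching the admin flag, whereas the guard in the first hunk rejects with `createAccessDeniedHttpException`. Presumably `$user->isAdmin()` reflects the submitted value at this point (the code that applies it is outside the hunk); if so, test it before the reset and either log the attempt or reject it, e.g. `if ($user->isAdmin()) { throw $this->createAccessDeniedHttpException('Only admin users are allowed to create admin users'); }`. The diffstat shows only the controller changed, so a regression test that calls the action as a non-admin and asserts the saved user is not an admin would pin the behaviour. updateAction starts before and ends after this hunk.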