Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
task: improve non-admin update user
  • Loading branch information
kingjia90 authored and dvesh3 committed May 16, 2023
1 parent 5811675 commit c8f37b1
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions bundles/AdminBundle/Controller/Admin/UserController.php
Expand Up @@ -287,12 +287,13 @@ public function deleteAction(Request $request)
public function updateAction(Request $request)
{
$user = User\UserRole::getById((int)$request->get('id'));
$currentUserIsAdmin = $this->getAdminUser()->isAdmin();

if (!$user) {
throw $this->createNotFoundException();
}

if ($user instanceof User && $user->isAdmin() && !$this->getAdminUser()->isAdmin()) {
if ($user instanceof User && $user->isAdmin() && !$currentUserIsAdmin) {
throw $this->createAccessDeniedHttpException('Only admin users are allowed to modify admin users');
}

Expand Down Expand Up @@ -325,7 +326,7 @@ public function updateAction(Request $request)

// only admins are allowed to create admin users
// if the logged in user isn't an admin, set admin always to false
if ($user instanceof User && !$this->getAdminUser()->isAdmin()) {
if ($user instanceof User && !$currentUserIsAdmin) {
$user->setAdmin(false);
}

Expand Down

0 comments on commit c8f37b1

Please sign in to comment.