Skip to content

Commit

Permalink
EZP-31825: Fixed user with user/password unable to change password
Browse files Browse the repository at this point in the history
  • Loading branch information
@Steveb-p
Steveb-p committed Oct 12, 2020
1 parent edfd1ac commit eecc8e2
Showing 1 changed file with 42 additions and 31 deletions.
73 changes: 42 additions & 31 deletions eZ/Publish/Core/Repository/UserService.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -681,7 +681,8 @@ public function updateUser(APIUser $user, UserUpdateStruct $userUpdateStruct): A

$canEditContent = $this->permissionResolver->canUser('content', 'edit', $loadedUser);

if (!$canEditContent && $this->isUserProfileUpdateRequested($userUpdateStruct)) {
$isUserProfileUpdateRequested = $this->isUserProfileUpdateRequested($userUpdateStruct);
if (!$canEditContent && $isUserProfileUpdateRequested) {
throw new UnauthorizedException('content', 'edit');
}

Expand Down Expand Up @@ -731,40 +732,50 @@ public function updateUser(APIUser $user, UserUpdateStruct $userUpdateStruct): A
throw new UnauthorizedException('user', 'password');
}

$this->repository->beginTransaction();
try {
$publishedContent = $loadedUser;
if ($userUpdateStruct->contentUpdateStruct !== null) {
$contentDraft = $contentService->createContentDraft($loadedUser->getVersionInfo()->getContentInfo());
$contentDraft = $contentService->updateContent(
$contentDraft->getVersionInfo(),
$userUpdateStruct->contentUpdateStruct
);
$publishedContent = $contentService->publishVersion($contentDraft->getVersionInfo());
}
$updateUserCallable = function() use ($loadedUser, $userUpdateStruct, $contentService): void {
$this->repository->beginTransaction();
try {
$publishedContent = $loadedUser;
if ($userUpdateStruct->contentUpdateStruct !== null) {
$contentDraft = $contentService->createContentDraft($loadedUser->getVersionInfo()->getContentInfo());
$contentDraft = $contentService->updateContent(
$contentDraft->getVersionInfo(),
$userUpdateStruct->contentUpdateStruct
);
$publishedContent = $contentService->publishVersion($contentDraft->getVersionInfo());
}

if ($userUpdateStruct->contentMetadataUpdateStruct !== null) {
$contentService->updateContentMetadata(
$publishedContent->getVersionInfo()->getContentInfo(),
$userUpdateStruct->contentMetadataUpdateStruct
if ($userUpdateStruct->contentMetadataUpdateStruct !== null) {
$contentService->updateContentMetadata(
$publishedContent->getVersionInfo()->getContentInfo(),
$userUpdateStruct->contentMetadataUpdateStruct
);
}

// User\Handler::update call is currently used to clear cache only
$this->userHandler->update(
new SPIUser(
[
'id' => $loadedUser->id,
'login' => $loadedUser->login,
'email' => $userUpdateStruct->email ?: $loadedUser->email,
]
)
);
}

// User\Handler::update call is currently used to clear cache only
$this->userHandler->update(
new SPIUser(
[
'id' => $loadedUser->id,
'login' => $loadedUser->login,
'email' => $userUpdateStruct->email ?: $loadedUser->email,
]
)
);
$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
};

$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
if ($isUserProfileUpdateRequested) {
// Perform update in user context
$updateUserCallable();
} else {
// Perform update without checking other user permissions
$this->repository->sudo($updateUserCallable);
}

return $this->loadUser($loadedUser->id);
Expand Down

0 comments on commit eecc8e2

Please sign in to comment.