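/**
 * Pre-save hook: guards the 'role' attribute, enforces the update
 * permission check and re-salts / re-hashes a changed password before
 * delegating to the parent hook.
 *
 * @throws ForbiddenException when the action is not trusted and the update is not allowed
 */
public function beforeSave()
{
    // Only a trusted context can change the 'role' attribute. An untrusted
    // change is reverted to the previously loaded value (null when there is
    // none) instead of being rejected, so the save continues without it.
    if ($this->isDirty('role') && !(Context::isTrusted() || Role::isTrusted())) {
        $this->role = isset($this->original['role']) ? $this->original['role'] : null;
    }

    // Authorization gate: runs before any password material is touched.
    if (!$this->isTrustedAction() && !$this->isUpdateAllowed()) {
        throw new ForbiddenException("not_allowed");
    }

    // Update password
    if ($this->isDirty('password')) {
        // Draw the salt from the CSPRNG when the runtime provides one:
        // rand()/uniqid() are derived from the clock and a non-cryptographic
        // generator. 20 random bytes hex-encode to 40 characters, the same
        // shape sha1() produced, so the stored salt format does not change.
        // The legacy expression is kept only as a fallback for runtimes
        // without random_bytes().
        $this->password_salt = function_exists('random_bytes')
            ? bin2hex(random_bytes(20))
            : sha1(uniqid(rand(), true));

        // NOTE(review): static::password_hash() is this class's own two-argument
        // method, not PHP's built-in password_hash(); its algorithm is not
        // visible here. Confirm it is a slow, purpose-built password hash
        // rather than a single fast digest over password + salt.
        $this->password = static::password_hash($this->password, $this->password_salt);
    }

    parent::beforeSave();
}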