예제 #1
 /**
  * Updates an existing User model together with its Role model.
  * If update is successful, the browser will be redirected to the 'view' page.
  *
  * @param  integer $id The user id.
  * @return string|\yii\web\Response
  *
  * @throws NotFoundHttpException
  */
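 public function actionUpdate($id)
 {
     // Resolve the user first so an unknown id is reported by findModel()
     // (documented above as throwing NotFoundHttpException; its body is not visible here).
     $user = $this->findModel($id);

     // Role::findOne() returns null when the user has no role row. The original code
     // then dereferenced null ($role->item_name / $role->load()), which is a fatal error.
     $role = Role::findOne(['user_id' => $id]);
     if ($role === null) {
         throw new \yii\web\NotFoundHttpException('The requested page does not exist.');
     }

     // Only theCreator may manage everyone's roles; any other operator must not be
     // able to edit an account that currently holds theCreator.
     $actorIsCreator = Yii::$app->user->can('theCreator');
     if (!$actorIsCreator && $role->item_name === 'theCreator') {
         return $this->goHome();
     }

     // Nothing (usable) was submitted: show the form.
     $post = Yii::$app->request->post();
     if (!$user->load($post) || !$role->load($post)) {
         return $this->render('update', ['user' => $user, 'role' => $role]);
     }

     // Authorization must also cover the role value that was just loaded from the
     // request. The guard above only inspected the stored role, so without this check
     // a non-creator could save theCreator onto any account.
     // NOTE(review): Role::rules() is not visible here; even if it restricts
     // item_name, keep this check because the models are saved with save(false).
     if (!$actorIsCreator && $role->item_name === 'theCreator') {
         return $this->goHome();
     }

     if (!Model::validateMultiple([$user, $role])) {
         return $this->render('update', ['user' => $user, 'role' => $role]);
     }

     // Hash and store a password only when a new one was entered.
     if ($user->password) {
         $user->setPassword($user->password);
     }

     // Manual activation by an operator makes the pending activation token obsolete.
     // Loose comparisons are kept on purpose: values loaded from the form are
     // presumably strings while the constant is numeric - TODO confirm before tightening.
     if ($user->status == User::STATUS_ACTIVE && $user->account_activation_token != null) {
         $user->removeAccountActivationToken();
     }

     // Validation already ran via validateMultiple(), hence save(false).
     // NOTE(review): the results of both saves are ignored and they are not wrapped
     // in a transaction, so a failed role save can leave the user half-updated.
     $user->save(false);
     $role->save(false);

     return $this->redirect(['view', 'id' => $user->id]);
 }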
예제 #2
 /**
  * Updates an existing User model together with its Role model.
  * If update is successful, the browser will be redirected to the 'view' page.
  *
  * @param  integer $id The user id.
  * @return string|\yii\web\Response
  *
  * @throws NotFoundHttpException
  */
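 public function actionUpdate($id)
 {
     // Resolve the user first so an unknown id is reported by findModel()
     // (documented above as throwing NotFoundHttpException; its body is not visible here).
     $user = $this->findModel($id);

     // Role::findOne() returns null when the user has no role row; calling
     // $role->load() on null would be a fatal error.
     $role = Role::findOne(['user_id' => $id]);
     if ($role === null) {
         throw new \yii\web\NotFoundHttpException('The requested page does not exist.');
     }

     // Dev/Master can update everyone's roles; other operators must not be able to
     // edit a Dev/Master account.
     //
     // Two defects in the original guard made it a no-op:
     //  - "x !== 'dev' || x !== 'master'" is true for every x, so it never
     //    distinguished privileged operators from the rest;
     //  - "$role === 'dev'" compared the Role model object with a string, which is
     //    never identical, so the ForbiddenHttpException could not be reached.
     // NOTE(review): assumes getAssignment() returns the role name as a string (the
     // original compared it with 'dev'/'master') and that the Role model exposes the
     // role name as item_name - confirm against both models.
     $protectedRoles = ['dev', 'master'];
     $actorRole = AuthAssignment::getAssignment(Yii::$app->user->identity->id);
     $actorIsPrivileged = in_array($actorRole, $protectedRoles, true);
     if (!$actorIsPrivileged && in_array($role->item_name, $protectedRoles, true)) {
         throw new ForbiddenHttpException('Unauthorized Access', 403);
     }

     // Nothing (usable) was submitted: show the form.
     $post = Yii::$app->request->post();
     if (!$user->load($post) || !$role->load($post)) {
         return $this->render('update', ['user' => $user, 'role' => $role]);
     }

     // Authorization must also cover the role value that was just loaded from the
     // request; otherwise an operator outside dev/master could save one of those
     // roles onto any account. Kept in the controller because the models are
     // written with save(false).
     if (!$actorIsPrivileged && in_array($role->item_name, $protectedRoles, true)) {
         throw new ForbiddenHttpException('Unauthorized Access', 403);
     }

     if (!Model::validateMultiple([$user, $role])) {
         return $this->render('update', ['user' => $user, 'role' => $role]);
     }

     // Hash and store a password only when a new one was entered.
     if ($user->password) {
         $user->setPassword($user->password);
     }

     // Manual activation by an operator makes the pending activation token obsolete.
     // Loose comparisons are kept on purpose: values loaded from the form are
     // presumably strings while the constant is numeric - TODO confirm before tightening.
     if ($user->status == User::STATUS_ACTIVE && $user->account_activation_token != null) {
         $user->removeAccountActivationToken();
     }

     // Validation already ran via validateMultiple(), hence save(false).
     // NOTE(review): the results of both saves are ignored and they are not wrapped
     // in a transaction, so a failed role save can leave the user half-updated.
     $user->save(false);
     $role->save(false);

     Yii::$app->session->setFlash('success', 'Saved successfully');

     return $this->redirect(['view', 'id' => $user->id]);
 }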