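/**
 * Updates the user identified by the "id" request parameter from the
 * JSON-encoded "data" and "workspaces" request parameters, saves it and
 * answers with a JSON success flag.
 *
 * Both payloads are request-controlled, so their shape is validated before
 * they are used to pick setters or class names.
 *
 * @throws \Exception if the user does not exist, if a non-admin tries to
 *                    modify an admin user, or if a payload is malformed
 */
public function updateAction()
{
    $this->protectCSRF();

    $user = User\AbstractUser::getById(intval($this->getParam("id")));
    if (!$user) {
        // without this guard an unknown id ends in a call on null further down
        throw new \Exception("User not found");
    }

    $editorIsAdmin = $this->getUser()->isAdmin();

    if ($user instanceof User && $user->isAdmin() && !$editorIsAdmin) {
        throw new \Exception("Only admin users are allowed to modify admin users");
    }

    if ($this->getParam("data")) {
        $values = \Zend_Json::decode($this->getParam("data"));
        if (!is_array($values)) {
            throw new \Exception("Invalid user data");
        }

        if (!empty($values["password"])) {
            // The hash is derived from the stored name, before setValues() applies the new values.
            // NOTE(review): if getPasswordHash() binds the hash to the name, a rename in the
            // same request would need the new name here - confirm.
            $values["password"] = Tool\Authentication::getPasswordHash($user->getName(), $values["password"]);
        }

        // check if there are permissions transmitted, if so reset them all to false (they will be set later)
        foreach ($values as $key => $value) {
            if (strpos($key, "permission_") === 0) {
                if (method_exists($user, "setAllAclToFalse")) {
                    $user->setAllAclToFalse();
                }
                break;
            }
        }

        // NOTE(review): setValues() receives every request-supplied key; only the admin flag is
        // forced back below. Confirm no other privileged field can be set this way by a non-admin.
        $user->setValues($values);

        // only admins are allowed to create admin users
        // if the logged in user isn't an admin, set admin always to false
        if (!$editorIsAdmin && $user instanceof User) {
            $user->setAdmin(false);
        }

        // check for permissions: only keys of known permission definitions are applied
        $availableUserPermissionsList = new User\Permission\Definition\Listing();
        $availableUserPermissions = $availableUserPermissionsList->load();

        foreach ($availableUserPermissions as $permission) {
            $permissionKey = $permission->getKey();
            if (isset($values["permission_" . $permissionKey])) {
                $user->setPermission($permissionKey, (bool) $values["permission_" . $permissionKey]);
            }
        }

        // check for workspaces
        if ($this->getParam("workspaces")) {
            $workspaces = \Zend_Json::decode($this->getParam("workspaces"));
            if (!is_array($workspaces)) {
                throw new \Exception("Invalid workspace data");
            }

            foreach ($workspaces as $type => $spaces) {
                // $type comes from the request and is used to build a class name and a setter
                // name, so accept plain letters only and require the workspace class to exist
                if (!is_string($type) || !preg_match('/\A[a-zA-Z]+\z/', $type)) {
                    throw new \Exception("Invalid workspace type");
                }

                $className = "\\Pimcore\\Model\\User\\Workspace\\" . ucfirst($type);
                if (!class_exists($className)) {
                    throw new \Exception("Invalid workspace type");
                }

                if (!is_array($spaces)) {
                    throw new \Exception("Invalid workspace data");
                }

                $newWorkspaces = [];
                foreach ($spaces as $space) {
                    if (!is_array($space) || !isset($space["path"])) {
                        // entries without a path cannot be resolved to an element
                        continue;
                    }

                    $element = Element\Service::getElementByPath($type, $space["path"]);
                    if (!$element) {
                        continue;
                    }

                    $workspace = new $className();
                    $workspace->setValues($space);
                    // set after setValues() so the payload cannot override the resolved element or the owner
                    $workspace->setCid($element->getId());
                    $workspace->setCpath($element->getRealFullPath());
                    $workspace->setUserId($user->getId());

                    $newWorkspaces[] = $workspace;
                }

                $user->{"setWorkspaces" . ucfirst($type)}($newWorkspaces);
            }
        }
    }

    $user->save();

    $this->_helper->json(["success" => true]);
}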