public function validateUpdate($payload, sfWebRequest $request = null) { parent::validateUpdate($payload, $request); $params = $this->parsePayload($payload); $primaryKey = $request->getParameter('id'); if (!$this->getUser()->getGuardUser() || $this->getUser()->getGuardUser()->getIncremented() != $primaryKey && !$this->getUser()->isSuperAdmin()) { throw new sfException("You can only alter information for your own " . "user record.", 403); } }
protected function updateUserFromRequest() { if (!$this->user->getId() && !$this->getRequestParameter('password')) { $password = substr(md5(rand(100000, 999999)), 0, 6); $this->user->setPassword($password); } if ($this->getRequestParameter('password')) { $this->user->setPassword($this->getRequestParameter('password')); } parent::updateUserFromRequest(); }