func (c User) PostUpdate(id bson.ObjectId, user *models.User, password models.Password) revel.Result {
if user.CanBeUpdatedBy(c.MongoSession, c.ActiveUser) {
// Don't trust user submitted id... load from session.
user.Id = c.ActiveUser.Id
user.Validate(c.Validation)
// Only validate the password if either is non-empty
if password.Pass != "" || password.PassConfirm != "" {
user.ValidatePassword(c.Validation, password)
}
if c.Validation.HasErrors() {
c.Validation.Keep()
c.FlashParams()
c.Flash.Error("Please correct the errors below.")
return c.Redirect(User.Index)
}
user.Save(c.MongoSession, password)
// Refresh the session in case the email address was changed.
c.Session["user"] = user.Email
c.Flash.Success("Successfully updated account")
return c.Redirect(Application.Index)
}
return c.Forbidden("You can only edit your own account. ")
}
