WeAreAthlon / Silla.IO

PHP Application Development Framework.
https://silla.io
GNU General Public License v3.0

Move current CMS user password confirmation validation from model to controller scope. #59

Closed pnikolov closed 9 years ago

pnikolov commented 9 years ago

When a CMS user edits or deletes an instance of the:

The CMS UI and the back-end validations require the currently logged-in user to re-enter his password. The problem occurs when a developer tries to update a CMS user/user role programmatically. The entity model validation rules deny the change because the validation process relies on the currently logged-in user's password. The right place for such semantic validation of entity attributes is in the Controller code. We should move the re-entering of the currently logged-in user's password into the Controller scope of work.

pnikolov commented 9 years ago

I've also moved the validation for password confirmation from the CMS\Models\User to the CMS\Controllers\Users. This validation prevents misspelling of the password by validating it is being entered twice.
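The split discussed in this issue, sketched as an added example that is not part of the thread and is not Silla.IO code: the class names, method names and form field names below are hypothetical stand-ins, and persistence is omitted. The model keeps only rules about the entity itself, while the controller performs the current-user re-authentication and the typed-twice password check.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-ins for illustration; none of these classes are Silla.IO code.
final class User
{
    public function __construct(public string $email, public string $passwordHash) {}
    /** Entity-intrinsic rules only: no session, no request, no current user. */
    public function validate(): array
    {
        return filter_var($this->email, FILTER_VALIDATE_EMAIL) ? [] : ['email' => 'invalid'];
    }
    public function save(): bool
    {
        return $this->validate() === []; // persistence omitted in this sketch
    }
}

final class UsersController
{
    public function __construct(private User $currentUser) {}
    /** Request-scoped checks live here: re-authentication and password confirmation. */
    public function update(User $target, array $post): array
    {
        $errors = [];
        if (!password_verify((string)($post['current_password'] ?? ''), $this->currentUser->passwordHash)) {
            $errors['current_password'] = 'mismatch';
        }
        $new = (string)($post['password'] ?? '');
        if ($new !== '' && !hash_equals($new, (string)($post['password_confirmation'] ?? ''))) {
            $errors['password_confirmation'] = 'mismatch';
        }
        if ($errors !== []) { return $errors; } // reject before the model is touched
        if (isset($post['email'])) { $target->email = (string)$post['email']; }
        if ($new !== '') { $target->passwordHash = password_hash($new, PASSWORD_DEFAULT); }
        return $target->save() ? [] : $target->validate();
    }
}

// Constructed sample data.
$admin  = new User('admin@example.test', password_hash('admin-secret', PASSWORD_DEFAULT));
$editor = new User('editor@example.test', password_hash('old', PASSWORD_DEFAULT));
$ui     = new UsersController($admin);
// UI path with a wrong current password, then with the correct one.
var_dump($ui->update($editor, ['current_password' => 'wrong', 'email' => 'x@example.test']));
var_dump($ui->update($editor, ['current_password' => 'admin-secret', 'password' => 'n3w', 'password_confirmation' => 'n3w']));

// Programmatic path (CLI task, migration): no logged-in user, model rules still apply.
$editor->email = 'editor2@example.test';
var_dump($editor->save());
```

With this layout, any code path that bypasses the controller also bypasses the re-authentication step, so access to those paths needs its own control.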