protected function data(ServerRequestInterface $request, Document $document)
{
$id = array_get($request->getQueryParams(), 'id');
$actor = $request->getAttribute('actor');
$data = array_get($request->getParsedBody(), 'data', []);
// Require the user's current password if they are attempting to change
// their own email address.
if (isset($data['attributes']['email']) && $actor->id == $id) {
$password = array_get($request->getParsedBody(), 'meta.password');
if (!$actor->checkPassword($password)) {
throw new PermissionDeniedException();
}
}
return $this->bus->dispatch(new EditUser($id, $actor, $data));
}