From 6f6a475633c9395e22b9f5b70fbcf5ff0559a3c4 Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Wed, 17 Aug 2016 17:29:25 +0300
Subject: [PATCH] API changes
---
 app/Http/Middleware/ApiCheck.php | 2 +-
 app/Http/Requests/UpdateUserRequest.php | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php
index 19181b8da514..3561695e5cb4 100644
--- a/app/Http/Middleware/ApiCheck.php
+++ b/app/Http/Middleware/ApiCheck.php
@@ -42,7 +42,7 @@ class ApiCheck {
 // check if user is archived
 if ($token && $token->user) {
- Auth::loginUsingId($token->user_id);
+ Auth::onceUsingId($token->user_id);
 Session::set('token_id', $token->id);
 } else {
 sleep(ERROR_DELAY);
diff --git a/app/Http/Requests/UpdateUserRequest.php b/app/Http/Requests/UpdateUserRequest.php
index 7b61a4f745ee..fbae72e52899 100644
--- a/app/Http/Requests/UpdateUserRequest.php
+++ b/app/Http/Requests/UpdateUserRequest.php
@@ -2,9 +2,9 @@
 use Auth;
-class UpdateUserRequest extends Request
+class UpdateUserRequest extends EntityReques
 {
- // Expenses
+ // Expenses
 /**
 * Determine if the user is authorized to make this request.
 *
@@ -12,7 +12,7 @@ class UpdateUserRequest extends Request
 */
 public function authorize()
 {
- return $this->user()->can('edit', $this->entity());
+ return Auth::user()->is_admin || $this->user()->id == Auth::user()->id;
 }
 /**
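Review bot: `Session::set('token_id', $token->id)` on the line after the new `Auth::onceUsingId(...)` call still writes to the session, so the token branch is only half stateless: the login no longer persists, but the token id does wherever a session cookie is issued. Whether later code reads `token_id` from the session is not visible here; if it is needed only during the current request, carrying it on the request object would avoid the leftover state. At minimum a comment such as `// API tokens authenticate per request: no session login or remember cookie is created` above the call would record why `onceUsingId` is used. The enclosing method starts and ends outside the hunk.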
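Review bot: The new base class is printed as `EntityReques` on the added `class UpdateUserRequest extends ...` line, which looks like a misspelling of `EntityRequest`; if no class of that exact name exists, loading this request class fails with a class-not-found error. The line should presumably read `class UpdateUserRequest extends EntityRequest`. The `// Expenses` comment re-added below it appears to differ only in whitespace and does not describe a user request; a short class docblock stating who may update a user would serve better. The class body continues outside the hunk.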
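Review bot: The second operand of the new `authorize()` return, `$this->user()->id == Auth::user()->id`, most likely compares the authenticated user with itself, because on a Laravel form request `$this->user()` resolves the caller rather than the record being edited. Unless the base class overrides `user()` (not visible here), the check passes for every logged-in caller and the `is_admin` test adds nothing, so a non-admin could be authorized to update another user's record. The removed line identified the target through `$this->entity()`; assuming that accessor is still provided by the base class, the intended check is probably `return Auth::user()->is_admin || $this->entity()->id == Auth::user()->id;`. A test in which a non-admin submits an update for a different user id would confirm which behaviour is in effect.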