+ const userToUpdate = res.locals.user as UserModel
+ const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())
+ const roleChanged = body.role !== undefined && body.role !== userToUpdate.role
+
+ if (body.email !== undefined) userToUpdate.email = body.email
+ if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota
+ if (body.role !== undefined) userToUpdate.role = body.role
+
+ const user = await userToUpdate.save()
+
+ // Destroy user token to refresh rights
+ if (roleChanged) {
+ await OAuthTokenModel.deleteUserToken(userToUpdate.id)
+ }
+
+ auditLogger.update(
+ res.locals.oauth.token.User.Account.Actor.getIdentifier(),
+ new UserAuditView(user.toFormattedJSON()),
+ oldUserAuditView
+ )
+
+ // Don't need to send this update to followers, these attributes are not propagated
+
+ return res.sendStatus(204)
+}
+
+async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {