Merge branch 'AC-1821' into 2.4.5-bugfixes-020822

Author: dvoskoboinikov

app/code/Magento/Customer/Model/Plugin/UpdateCustomer.php

@@ -11,6 +11,8 @@
 use Magento\Framework\Webapi\Rest\Request as RestRequest;
 use Magento\Customer\Api\Data\CustomerInterface;
 use Magento\Customer\Api\CustomerRepositoryInterface;
+use Magento\Authorization\Model\UserContextInterface;
+use Magento\Framework\App\ObjectManager;
 
 /**
  * Update customer by id from request param
@@ -22,12 +24,19 @@ class UpdateCustomer
      */
     private $request;
 
+    /**
+     * @var UserContextInterface
+     */
+    private $userContext;
+
     /**
      * @param RestRequest $request
+     * @param UserContextInterface|null $userContext
      */
-    public function __construct(RestRequest $request)
+    public function __construct(RestRequest $request, ?UserContextInterface $userContext = null)
     {
         $this->request = $request;
+        $this->userContext = $userContext ?? ObjectManager::getInstance()->get(UserContextInterface::class);
     }
 
     /**
@@ -43,10 +52,14 @@ public function beforeSave(
         CustomerInterface $customer,
         ?string $passwordHash = null
     ): array {
-        $customerId = $this->request->getParam('customerId');
+        $customerSessionId = $this->userContext->getUserType() === $this->userContext::USER_TYPE_CUSTOMER ?
+                             (int)$this->userContext->getUserId() : 0;
+        $customerId = (int)$this->request->getParam('customerId');
         $bodyParams = $this->request->getBodyParams();
         if (!isset($bodyParams['customer']['Id']) && $customerId) {
-            $customer = $this->getUpdatedCustomer($customerRepository->getById($customerId), $customer);
+            if ($customerId === $customerSessionId || $customerSessionId === 0) {
+                $customer = $this->getUpdatedCustomer($customerRepository->getById($customerId), $customer);
+            }
         }
 
         return [$customer, $passwordHash];