User::userUpdate

static function userUpdate($userFields, $nav = 0, CRestServer $server = null)
{
	if (!is_null($server) && !static::isMainScope($server))
	{
		return static::getErrorScope();
	}

	global $USER;

	static::checkAllowedFields();

	$bB24 = ModuleManager::isModuleInstalled('bitrix24');

	$bAdmin = ($bB24 && $USER->canDoOperation('bitrix24_invite'))
		|| $USER->canDoOperation('edit_all_users');

	$userFields = array_change_key_case($userFields, CASE_UPPER);

	if($userFields['ID'] > 0)
	{
		if($bAdmin || ($USER->getID() == $userFields['ID'] && $USER->CanDoOperation('edit_own_profile')))
		{
			$updateFields = self::prepareSaveData($userFields);

			// security
			if(!$bAdmin)
			{
				unset($updateFields['ACTIVE']);
				unset($updateFields['UF_DEPARTMENT']);
			}
			// security

			$obUser = new CUser;
			if(!$obUser->update($userFields['ID'], $updateFields))
			{
				throw new Exception($obUser->LAST_ERROR);
			}
			else
			{
				$res = true;
			}
		}
		else
		{
			throw new Exception('access_denied');
		}
	}
	else
	{
		throw new Exception('access_denied');
	}

	return $res;
}