From 4eaf858684f33d3f899680a64be83aa1fd841c09 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Mon, 1 May 2017 17:05:30 -0400 Subject: [PATCH] Fix inability to set user as non-admin, closes #414 --- CHANGELOG.md | 1 + app/Http/Controllers/Admin/UserController.php | 11 +++++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f75fffac1..634bb3a8b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines. * `[beta.2.1]` — Fixes a bug causing login issues and password reset failures when reCAPTCHA is enabled. * Fixes remote timing attack vulnerability due to hmac comparsion in API middleware. * `[beta.2.1]` — Fixes bug requiring docker image field to be filled out when adding a service option. +* `[beta.2.1]` — Fixes inability to mark a user as a non-admin once they were assigned the role. ### Added * Added new scripts for service options that allows installation of software in a privileged Docker container on the node prior to marking a server as installed. diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php index c9d7a4725..0e943eb46 100644 --- a/app/Http/Controllers/Admin/UserController.php +++ b/app/Http/Controllers/Admin/UserController.php @@ -143,10 +143,13 @@ class UserController extends Controller { try { $repo = new UserRepository; - $user = $repo->update($id, $request->intersect([ - 'email', 'password', 'name_first', - 'name_last', 'username', 'root_admin', - ])); + $user = $repo->update($id, array_merge( + $request->only('root_admin'), + $request->intersect([ + 'email', 'password', 'name_first', + 'name_last', 'username', + ]) + )); Alert::success('User account was successfully updated.')->flash(); } catch (DisplayValidationException $ex) { return redirect()->route('admin.users.view', $id)->withErrors(json_decode($ex->getMessage()));