Fix inability to set user as non-admin, closes pterodactyl#414

DaneEveritt · DaneEveritt · commit 4eaf858684f3 · 2017-05-01T17:05:30.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * `[beta.2.1]` — Fixes a bug causing login issues and password reset failures when reCAPTCHA is enabled.
 * Fixes remote timing attack vulnerability due to hmac comparsion in API middleware.
 * `[beta.2.1]` — Fixes bug requiring docker image field to be filled out when adding a service option.
+* `[beta.2.1]` — Fixes inability to mark a user as a non-admin once they were assigned the role.
 
 ### Added
 * Added new scripts for service options that allows installation of software in a privileged Docker container on the node prior to marking a server as installed.
diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php
@@ -143,10 +143,13 @@ public function update(Request $request, $id)
     {
         try {
             $repo = new UserRepository;
-            $user = $repo->update($id, $request->intersect([
-                'email', 'password', 'name_first',
-                'name_last', 'username', 'root_admin',
-            ]));
+            $user = $repo->update($id, array_merge(
+                $request->only('root_admin'),
+                $request->intersect([
+                    'email', 'password', 'name_first',
+                    'name_last', 'username',
+                ])
+            ));
             Alert::success('User account was successfully updated.')->flash();
         } catch (DisplayValidationException $ex) {
             return redirect()->route('admin.users.view', $id)->withErrors(json_decode($ex->getMessage()));
