Fix inability to set user as non-admin, closes #414

CHANGELOG.md

@@ -10,6 +10,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * `[beta.2.1]` — Fixes a bug causing login issues and password reset failures when reCAPTCHA is enabled.
 * Fixes remote timing attack vulnerability due to hmac comparsion in API middleware.
 * `[beta.2.1]` — Fixes bug requiring docker image field to be filled out when adding a service option.
+* `[beta.2.1]` — Fixes inability to mark a user as a non-admin once they were assigned the role.
 
 ### Added
 * Added new scripts for service options that allows installation of software in a privileged Docker container on the node prior to marking a server as installed.

app/Http/Controllers/Admin/UserController.php

@@ -143,10 +143,13 @@ class UserController extends Controller
     {
         try {
             $repo = new UserRepository;
-            $user = $repo->update($id, $request->intersect([
+            $user = $repo->update($id, array_merge(
+                $request->only('root_admin'),
+                $request->intersect([
                     'email', 'password', 'name_first',
-                'name_last', 'username', 'root_admin',
-            ]));
+                    'name_last', 'username',
+                ])
+            ));
             Alert::success('User account was successfully updated.')->flash();
         } catch (DisplayValidationException $ex) {
             return redirect()->route('admin.users.view', $id)->withErrors(json_decode($ex->getMessage()));