Merge commit from fork

BossOfGames · web-flow · commit ad8735d91412 · 2025-02-12T11:04:41.000-06:00
diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php
@@ -21,6 +21,7 @@
 use Illuminate\Auth\Events\Verified;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Log;
@@ -219,11 +220,13 @@ public function update(int $id, UpdateUserRequest $request): RedirectResponse
             event(new UserStatsChanged($user, 'rank', $user->rank_id));
         }
 
-        // Delete all of the roles and then re-attach the valid ones
-        if (!empty($request->input('roles'))) {
-            DB::table('role_user')->where('user_id', $id)->delete();
-            foreach ($request->input('roles') as $key => $value) {
-                $user->addRole($value);
+        // Check if the user is an admin. If so, they can modify roles.
+        if (Auth::user()->hasRole('admin')) {
+            DB::table('role_user')->where('user_id', $user->id)->delete();
+            if (!empty($request->input('roles'))) {
+                foreach ($request->input('roles') as $key => $value) {
+                    $user->addRole($value);
+                }
             }
         }
 
