User edit: Only admin can change status to admin

jmontoyaa · jmontoyaa · commit d2be86122e5b · 2021-08-18T13:58:57.000+02:00
diff --git a/main/admin/user_edit.php b/main/admin/user_edit.php
@@ -421,7 +421,12 @@ function confirmation(name) {
         $phone = $user['phone'];
         $username = isset($user['username']) ? $user['username'] : $userInfo['username'];
         $status = (int) $user['status'];
-        $platform_admin = (int) $user['platform_admin'];
+        $platform_admin = 0;
+        // Only platform admin can change user status to admin.
+        if (api_is_platform_admin()) {
+            $platform_admin = (int) $user['platform_admin'];
+        }
+
         $send_mail = (int) $user['send_mail'];
         $reset_password = (int) $user['reset_password'];
         $hr_dept_id = isset($user['hr_dept_id']) ? intval($user['hr_dept_id']) : null;
