From f4e645578c7ee4fcd14f6a9430e79ea7720fc223 Mon Sep 17 00:00:00 2001
From: rob <rob@digitaltelepresence.com>
Date: Mon, 19 Jun 2023 00:28:21 -0400
Subject: [PATCH] correcting use of incorrect variables and unclear Boolean
 logic

---
 app/controllers/admin/user.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/admin/user.js b/app/controllers/admin/user.js
index 8687940..e80949d 100644
--- a/app/controllers/admin/user.js
+++ b/app/controllers/admin/user.js
@@ -143,7 +143,7 @@ class UserAdminController extends SiteController {
       switch (req.body.action) {
         case 'update':
           if (req.user._id.equals(res.locals.userAccount._id)) {
-             if (req.user.flags.isAdmin && !(userDefinition.isAdmin === 'on')) {
+             if (req.user.flags.isAdmin && (req.body.isAdmin !== 'on')) {
                throw new SiteError(400, "You can't remove your own admin privileges");
              }
           }