hasinhayder · hrr2000 · Feb 15, 2023
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
@@ -99,14 +99,14 @@ public function update(Request $request, User $user) {
         $user->name = $request->name ?? $user->name;
         $user->email = $request->email ?? $user->email;
         $user->password = $request->password ? Hash::make($request->password) : $user->password;
-        $user->email_verified_at = $request->email_verified_at ?? $user->email_verified_at;
 
         //check if the logged in user is updating it's own record
 
         $loggedInUser = $request->user();
         if ($loggedInUser->id == $user->id) {
             $user->update();
         } elseif ($loggedInUser->tokenCan('admin') || $loggedInUser->tokenCan('super-admin')) {
+            $user->email_verified_at = $request->email_verified_at ?? $user->email_verified_at;
             $user->update();
         } else {
             throw new MissingAbilityException('Not Authorized');