[#7] Fixes a potential mass-assignment vulnerability as pointed by br…

…akeman.

app/controllers/admin/users_controller.rb

@@ -61,6 +61,9 @@ def load_user
   end
 
   def user_params
-    params.require(:user).permit(:name, :email, :phone_number, :organization, :verified, :admin, :password, :password_confirmation)
+    parameters = params.require(:user).permit(:name, :email, :phone_number, :organization, :verified, :password, :password_confirmation)
+    parameters[:admin] = params.dig(:user, :admin) if current_user_admin?
+
+    parameters
   end
 end