From 3feadb7bd9776d240f552c7f818f04d04f285bbd Mon Sep 17 00:00:00 2001
From: Andy Miller <rhuk@mac.com>
Date: Tue, 18 Dec 2018 20:18:01 -0700
Subject: [PATCH] Unset state from user if no super or user admin

---
 classes/admin.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/classes/admin.php b/classes/admin.php
index 6fd9df28..74441f25 100644
--- a/classes/admin.php
+++ b/classes/admin.php
@@ -702,6 +702,7 @@ class Admin
         // Clean field for users who shouldn't be able to modify these fields
         if (!$this->authorize(['admin.user', 'admin.super'])) {
             unset($post['access']);
+            unset($post['state']);
         }
 
         return $post;