diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 3876bbc795..4d50af6697 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -477,7 +477,7 @@ class UsersController extends Controller
 }
 // check for permissions related fields and pull them out if the current user cannot edit them
- if (auth()->user()->can('canEditAuthFields') && auth()->user()->can('editableOnDemo')) {
+ if (auth()->user()->can('canEditAuthFields', $user) && auth()->user()->can('editableOnDemo')) {
 if ($request->filled('password')) {
 $user->password = bcrypt($request->input('password'));
diff --git a/app/Http/Controllers/Users/UsersController.php b/app/Http/Controllers/Users/UsersController.php
index a2cd2d876c..8221fc4bd8 100755
--- a/app/Http/Controllers/Users/UsersController.php
+++ b/app/Http/Controllers/Users/UsersController.php
@@ -266,7 +266,7 @@ class UsersController extends Controller
 ->update(['location_id' => $request->input('location_id', null)]);
 // check for permissions related fields and only set them if the user has permission to edit them
- if (auth()->user()->can('canEditAuthFields') && auth()->user()->can('editableOnDemo')) {
+ if (auth()->user()->can('canEditAuthFields', $user) && auth()->user()->can('editableOnDemo')) {
 $user->username = trim($request->input('username'));
 $user->email = trim($request->input('email'));
diff --git a/tests/Feature/Users/Ui/UpdateUserTest.php b/tests/Feature/Users/Ui/UpdateUserTest.php
index 982b294a47..723ce5df2e 100644
--- a/tests/Feature/Users/Ui/UpdateUserTest.php
+++ b/tests/Feature/Users/Ui/UpdateUserTest.php
@@ -278,7 +278,7 @@ class UpdateUserTest extends TestCase
 $user->delete();
 $response = $this->actingAs(User::factory()->editUsers()->create())
- ->put(route('users.update', $id), [
+ ->put(route('users.update', $user), [
 'first_name' => 'test',
 'username' => 'test',
 'company_id' => $companyB->id,
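Review bot: In `app/Http/Controllers/Api/UsersController.php` the changed `if` now decides `canEditAuthFields` per target `$user`, but when the gate refuses, the block is skipped and the submitted password is dropped with no signal visible in this hunk. The same holds for the username and email assignments in the `app/Http/Controllers/Users/UsersController.php` hunk. A refused edit of credential fields is worth recording for audit: if no `else` branch exists further down, add one with `Log::warning('auth-field edit denied', ['actor' => auth()->id(), 'target' => $user->id]);`, assuming the `Log` facade is imported in these controllers. This commit touches only the UI test, so the API path of the target-aware check has no coverage visible here. Both enclosing methods start and end outside their hunks.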
@@ -293,7 +293,7 @@ class UpdateUserTest extends TestCase
 $this->assertDatabaseHas('users', [
 'id' => $id,
 'first_name' => 'test',
- 'username' => $user->username,
+ 'username' => 'test',
 'company_id' => $companyB->id,
 ]);
 }
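Review bot: Changing the expected value to `'username' => 'test'` removes the only assertion in this test that a username stays untouched, so after this commit the visible test covers just the allow path of `canEditAuthFields`. A companion case is worth adding in which the acting user is one the gate should refuse for that target (the gate's rule is not visible here). It would end with `'username' => $target->username` in `assertDatabaseHas`, plus a check that the stored password hash is unchanged. The test method starts outside this hunk; the actor created with `editUsers()` appears only in the preceding hunk.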