Users with core.create permission should be able create/update the users

Author: twsvaishali

src/users/user.php

@@ -33,17 +33,22 @@ public function post()
 		$formData       = $app->input->getArray();
 		$userIdentifier = $app->input->get('id', 0, 'string');
 
+		if (isset($formData['fields']))
+		{
+			$formData['com_fields'] = $formData['fields'];
+			unset($formData['fields']);
+		}
+
 		// Get current logged in user.
 		$me = $this->plugin->get('user');
+		$iAmSuperAdmin = $me->authorise('core.create');
 
 		if (!empty($userIdentifier))
 		{
 			$user = $this->retriveUser($userIdentifier);
 
 			if (!empty($user->id))
 			{
-				$iAmSuperAdmin = $me->authorise('core.create');
-
 				// Check if regular user is trying to update his/her own profile OR if user is superadmin
 				if ($me->id == $user->id || $iAmSuperAdmin)
 				{
@@ -81,6 +86,13 @@ public function post()
 		// Check if $userIdentifier is not set - POST / CREATE user case
 		else
 		{
+			if (!$iAmSuperAdmin)
+			{
+				ApiError::raiseError(400, JText::_('JERROR_ALERTNOAUTHOR'));
+
+				return;
+			}
+
 			// Validate required fields
 			if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '')
 			{