closes #6276

src/controllers/accounts/helpers.js

@@ -62,6 +62,9 @@ helpers.getUserDataByUserSlug = function (userslug, callerUID, callback) {
 				sso: function (next) {
 					plugins.fireHook('filter:auth.list', { uid: uid, associations: [] }, next);
 				},
+				canEdit: function (next) {
+					privileges.users.canEdit(callerUID, uid, next);
+				},
 				canBanUser: function (next) {
 					privileges.users.canBanUser(callerUID, uid, next);
 				},
@@ -113,7 +116,7 @@ helpers.getUserDataByUserSlug = function (userslug, callerUID, callback) {
 			userData.isAdminOrGlobalModerator = isAdmin || isGlobalModerator;
 			userData.isAdminOrGlobalModeratorOrModerator = isAdmin || isGlobalModerator || isModerator;
 			userData.isSelfOrAdminOrGlobalModerator = isSelf || isAdmin || isGlobalModerator;
-			userData.canEdit = isAdmin || (isGlobalModerator && !results.isTargetAdmin);
+			userData.canEdit = results.canEdit;
 			userData.canBan = results.canBanUser;
 			userData.canChangePassword = isAdmin || (isSelf && parseInt(meta.config['password:disableEdit'], 10) !== 1);
 			userData.isSelf = isSelf;

src/privileges/users.js

@@ -141,9 +141,13 @@ module.exports = function (privileges) {
 				}, next);
 			},
 			function (results, next) {
-				var canEdit = results.isAdmin || (results.isGlobalMod && !results.isTargetAdmin);
-
-				next(null, canEdit);
+				results.canEdit = results.isAdmin || (results.isGlobalMod && !results.isTargetAdmin);
+				results.callerUid = callerUid;
+				results.uid = uid;
+				plugins.fireHook('filter:user.canEdit', results, next);
+			},
+			function (data, next) {
+				next(null, data.canEdit);
 			},
 		], callback);
 	};