From 1ef44721f59ab2ce5e241daea07fa276d5c6b5ba Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Tue, 12 Dec 2017 07:03:31 -0800
Subject: [PATCH] Improved - disallow delete if not elgible in UI

---
 app/Http/Controllers/Api/CompaniesController.php | 15 +++++++++++++--
 app/Http/Transformers/DepartmentsTranformer.php  |  2 +-
 app/Http/Transformers/LocationsTransformer.php   |  2 +-
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/app/Http/Controllers/Api/CompaniesController.php b/app/Http/Controllers/Api/CompaniesController.php
index 4d5a1b2a4f..ebafd9a98e 100644
--- a/app/Http/Controllers/Api/CompaniesController.php
+++ b/app/Http/Controllers/Api/CompaniesController.php
@@ -22,10 +22,21 @@ class CompaniesController extends Controller
     {
         $this->authorize('view', Company::class);
 
-        $allowed_columns = ['id','name'];
+        $allowed_columns = [
+            'id',
+            'name',
+            'created_at',
+            'updated_at',
+            'users_count',
+            'assets_count',
+            'licenses_count',
+            'accessories_count',
+            'consumables_count',
+            'components_count',
+        ];
 
         $companies = Company::withCount('assets','licenses','accessories','consumables','components','users')
-            ->withCount('users')->withCount('users')->withCount('assets')
+            ->withCount('users')->withCount('assets')
             ->withCount('licenses')->withCount('accessories')
             ->withCount('consumables')->withCount('components');
 
diff --git a/app/Http/Transformers/DepartmentsTranformer.php b/app/Http/Transformers/DepartmentsTranformer.php
index dd51e73aa8..f81954f947 100644
--- a/app/Http/Transformers/DepartmentsTranformer.php
+++ b/app/Http/Transformers/DepartmentsTranformer.php
@@ -47,7 +47,7 @@ class DepartmentsTransformer
 
             $permissions_array['available_actions'] = [
                 'update' => Gate::allows('update', Department::class) ? true : false,
-                'delete' => Gate::allows('delete', Department::class) ? true : false,
+                'delete' => (Gate::allows('delete', Department::class) && ($department->users_count==0) && ($department->deleted_at=='')) ? true : false,
             ];
 
             $array += $permissions_array;
diff --git a/app/Http/Transformers/LocationsTransformer.php b/app/Http/Transformers/LocationsTransformer.php
index 96fd25fee6..f8aa322c30 100644
--- a/app/Http/Transformers/LocationsTransformer.php
+++ b/app/Http/Transformers/LocationsTransformer.php
@@ -57,7 +57,7 @@ class LocationsTransformer
 
             $permissions_array['available_actions'] = [
                 'update' => Gate::allows('update', Location::class) ? true : false,
-                'delete' => Gate::allows('delete', Location::class) ? true : false,
+                'delete' => (Gate::allows('delete', Department::class) && ($location->assigned_assets_count==0) && ($location->assets_count==0) && ($location->users_count==0) && ($location->deleted_at=='')) ? true : false,
             ];
 
             $array += $permissions_array;