Fixes #3805 - add/update/delete methods for User API

app/Http/Controllers/Api/UsersController.php

@@ -7,6 +7,7 @@ use App\Http\Controllers\Controller;
 use App\Http\Transformers\UsersTransformer;
 use App\Models\Company;
 use App\Models\User;
+use App\Helpers\Helper;
 
 class UsersController extends Controller
 {
@@ -103,7 +104,14 @@ class UsersController extends Controller
      */
     public function store(Request $request)
     {
-        //
+        $this->authorize('view', User::class);
+        $user = new User;
+        $user->fill($request->all());
+
+        if ($user->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.create.success')));
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
     }
 
     /**
@@ -132,7 +140,15 @@ class UsersController extends Controller
      */
     public function update(Request $request, $id)
     {
-        //
+        $this->authorize('edit', User::class);
+        $user = User::findOrFail($id);
+        $user->fill($request->all());
+
+        if ($user->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
     }
 
     /**
@@ -145,6 +161,18 @@ class UsersController extends Controller
      */
     public function destroy($id)
     {
-        //
+        $this->authorize('delete', User::class);
+        $user = User::findOrFail($id);
+        $this->authorize('delete', $user);
+
+
+        if ($user->assets()->count() > 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/users/message.error.delete_has_assets')));
+        }
+
+        if ($user->delete()) {
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/users/message.success.delete')));
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/users/message.error.delete')));
     }
 }

app/Http/Transformers/UsersTransformer.php

@@ -32,7 +32,11 @@ class UsersTransformer
                     'id' => (int) $user->manager->id,
                     'name'=> e($user->manager->username)
                 ]  : null,
-                'groups' => $user->groups,
+
+                'groups' => ($user->groups) ? [
+                    'id' => (int) $user->userloc->id,
+                    'name'=> e($user->userloc->name)
+                ]  : null,
                 'jobtitle' => ($user->jobtitle) ? e($user->jobtitle) : null,
                 'email' => e($user->email),
                 'department' => ($user->department) ? [

app/Models/User.php

@@ -21,7 +21,7 @@ class User extends SnipeModel implements AuthenticatableContract, CanResetPasswo
     use Notifiable;
     use Presentable;
     protected $dates = ['deleted_at'];
-    protected $hidden = ['password'];
+    protected $hidden = ['password','remember_token','permissions','reset_password_code','persist_code'];
     protected $table = 'users';
     protected $injectUniqueIdentifier = true;
     protected $fillable = [

resources/lang/en/admin/users/message.php

@@ -31,6 +31,7 @@ return array(
         'create' => 'There was an issue creating the user. Please try again.',
         'update' => 'There was an issue updating the user. Please try again.',
         'delete' => 'There was an issue deleting the user. Please try again.',
+        'delete_has_assets' => 'This user has items assigned and could not be deleted.',
         'unsuspend' => 'There was an issue unsuspending the user. Please try again.',
         'import'    => 'There was an issue importing users. Please try again.',
         'asset_already_accepted' => 'This asset has already been accepted.',