From df87c82ddc9c3735c73d1e5a30ea754be1d47d75 Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 3 Aug 2017 19:50:18 -0700
Subject: [PATCH] Fixes #3805 - add/update/delete methods for User API
---
 app/Http/Controllers/Api/UsersController.php | 34 ++++++++++++++++++--
 app/Http/Transformers/UsersTransformer.php | 6 +++-
 app/Models/User.php | 2 +-
 resources/lang/en/admin/users/message.php | 1 +
 4 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 40bff833e9..04c8e93c2d 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -7,6 +7,7 @@ use App\Http\Controllers\Controller;
 use App\Http\Transformers\UsersTransformer;
 use App\Models\Company;
 use App\Models\User;
+use App\Helpers\Helper;
 
 class UsersController extends Controller
 {
@@ -103,7 +104,14 @@ class UsersController extends Controller
 */
 public function store(Request $request)
 {
- //
+ $this->authorize('view', User::class);
+ $user = new User;
+ $user->fill($request->all());
+
+ if ($user->save()) {
+ return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.create.success')));
+ }
+ return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
 }
 
 /**
@@ -132,7 +140,15 @@ class UsersController extends Controller
 */
 public function update(Request $request, $id)
 {
- //
+ $this->authorize('edit', User::class);
+ $user = User::findOrFail($id);
+ $user->fill($request->all());
+
+ if ($user->save()) {
+ return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
+ }
+
+ return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
 }
 
 /**
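Review bot: `store()` gates account creation on `$this->authorize('view', User::class)`, so a caller who is only allowed to view users can create them through the API; the check should use the policy's create ability, conventionally `$this->authorize('create', User::class);`. The same method, and `update()` in the next hunk, pass `$request->all()` straight to `fill()`, so the request body decides every attribute the model's `$fillable` list permits, and that list is not fully visible in this patch. Prefer an explicit allow-list, e.g. `$user->fill($request->only([...]))` with the intended field names, or a validated form request, and make sure a supplied password is hashed before `save()` if the model does not do that itself. The success key `admin/users/message.create.success` is ordered differently from `message.success.update` and `message.success.delete` used in the later hunks and is probably meant to be `admin/users/message.success.create`.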
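Review bot: `update()` authorizes only against `User::class` and never passes the loaded `$user` to the policy, whereas `destroy()` in the following hunk calls `$this->authorize('delete', $user)` after `findOrFail()`. Without an instance-level check, the policy cannot distinguish which account is being edited, so anyone holding the edit ability can modify any user, possibly including accounts more privileged than their own. Add `$this->authorize('edit', $user);` directly after the lookup. It is also worth confirming that the User policy defines an ability named `edit`; the policy is not part of this patch.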
@@ -145,6 +161,18 @@ class UsersController extends Controller
 */
 public function destroy($id)
 {
- //
+ $this->authorize('delete', User::class);
+ $user = User::findOrFail($id);
+ $this->authorize('delete', $user);
+
+
+ if ($user->assets()->count() > 0) {
+ return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete_has_assets')));
+ }
+
+ if ($user->delete()) {
+ return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.delete')));
+ }
+ return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete')));
 }
 }
diff --git a/app/Http/Transformers/UsersTransformer.php b/app/Http/Transformers/UsersTransformer.php
index 33fdd4adbc..f63d567c79 100644
--- a/app/Http/Transformers/UsersTransformer.php
+++ b/app/Http/Transformers/UsersTransformer.php
@@ -32,7 +32,11 @@ class UsersTransformer
 'id' => (int) $user->manager->id,
 'name'=> e($user->manager->username)
 ] : null,
- 'groups' => $user->groups,
+
+ 'groups' => ($user->groups) ? [
+ 'id' => (int) $user->userloc->id,
+ 'name'=> e($user->userloc->name)
+ ] : null,
 'jobtitle' => ($user->jobtitle) ? e($user->jobtitle) : null,
 'email' => e($user->email),
 'department' => ($user->department) ? [
diff --git a/app/Models/User.php b/app/Models/User.php
index 1522d75e6a..bc142a3c45 100755
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -21,7 +21,7 @@ class User extends SnipeModel implements AuthenticatableContract, CanResetPasswo
 use Notifiable;
 use Presentable;
 protected $dates = ['deleted_at'];
- protected $hidden = ['password'];
+ protected $hidden = ['password','remember_token','permissions','reset_password_code','persist_code'];
 protected $table = 'users';
 protected $injectUniqueIdentifier = true;
 protected $fillable = [
diff --git a/resources/lang/en/admin/users/message.php b/resources/lang/en/admin/users/message.php
index 36bb0a9a9d..ef41b2a820 100644
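Review bot: Nothing in `destroy()` stops the authenticated caller from deleting their own account; after the two `authorize()` calls the only guard is the assigned-assets count. Unless the policy's instance-level `delete` check already rejects that case (the policy is not visible here), add a guard before `$user->delete()`, such as `if ($user->id == auth()->id())` returning the standard error response. The refusal and failure paths also go through `response()->json(...)` with no status argument, so API clients receive HTTP 200 for a rejected delete and must parse the body to notice; passing an explicit error status would make failures harder to miss.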
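Review bot: The new `groups` entry is built from `$user->userloc`, a different relation, so the API reports one id/name pair taken from `userloc` under the key `groups` instead of the user's group memberships. `$user->groups` is presumably an Eloquent collection, which is truthy even when empty, so a user with no `userloc` would hit a null property access on `$user->userloc->id`. Map the groups themselves and keep the `e()` escaping the neighbouring fields use, e.g. `'groups' => $user->groups->map(function ($g) { return ['id' => (int) $g->id, 'name' => e($g->name)]; }),` assuming the group model exposes `name`. The hunk starts and ends inside the array literal, so the rest of the transformer method is not visible.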
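Review bot: `$hidden` only removes these attributes from array and JSON serialization; it does not stop them from being written through `fill()`. The `$fillable` array that opens on the last context line continues outside this hunk, so confirm that `permissions`, `remember_token`, `reset_password_code` and `persist_code` are absent from it, because the new API `store()` and `update()` methods pass the whole request to `fill()`. A short comment above the property, such as `// Never expose credentials, tokens or permission data in serialized output`, would record why the list exists.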
--- a/resources/lang/en/admin/users/message.php
+++ b/resources/lang/en/admin/users/message.php
@@ -31,6 +31,7 @@ return array(
 'create' => 'There was an issue creating the user. Please try again.',
 'update' => 'There was an issue updating the user. Please try again.',
 'delete' => 'There was an issue deleting the user. Please try again.',
+ 'delete_has_assets' => 'This user has items assigned and could not be deleted.',
 'unsuspend' => 'There was an issue unsuspending the user. Please try again.',
 'import' => 'There was an issue importing users. Please try again.',
 'asset_already_accepted' => 'This asset has already been accepted.',