From 3ebcbc034e20f0f4d29ad41111748eec72bb74d0 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Fri, 15 Dec 2023 14:53:00 +1100
Subject: [PATCH] Prevent owner user from being deleted
---
 app/Http/Controllers/UserController.php | 2 +-
 app/Models/User.php | 5 ++++-
 app/Repositories/UserRepository.php | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 03f9f0584d8a..574596fa3b9c 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -196,7 +196,7 @@ class UserController extends BaseController
 */
 public function destroy(DestroyUserRequest $request, User $user)
 {
- if ($user->isOwner()) {
+ if ($user->hasOwnerFlag()) {
 return response()->json(['message', 'Cannot detach owner.'], 401);
 }
diff --git a/app/Models/User.php b/app/Models/User.php
index d6c023b61269..ca37b13755d5 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -372,9 +372,12 @@ class User extends Authenticatable implements MustVerifyEmail
 public function isOwner() : bool
 {
 return $this->token()->cu->is_owner;
-
 }
+ public function hasOwnerFlag(): bool
+ {
+ return $this->company_users()->where('is_owner',true)->exists();
+ }
 /**
 * Returns true is user is an admin _or_ owner
 *
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index 287d2d156a16..8a4996e04506 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -120,7 +120,7 @@ class UserRepository extends BaseRepository
 public function destroy(array $data, User $user)
 {
- if ($user->isOwner()) {
+ if ($user->hasOwnerFlag()) {
 return $user;
 }
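Review bot: In `UserController::destroy()` the refusal branch builds its body as `['message', 'Cannot detach owner.']`, a two-element list, so the client receives a JSON array rather than an object with a `message` key; `['message' => 'Cannot detach owner.']` is presumably what was meant. The branch also answers with 401, which tells a client its credentials are missing or invalid, while the caller here is presumably authenticated and simply not permitted to remove an owner, so `403` would describe the refusal more accurately. Both points sit on the unchanged context line under the new `hasOwnerFlag()` check, and the method body continues past the end of the hunk.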
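Review bot: In `app/Models/User.php`, `hasOwnerFlag()` returns true when the user has the owner flag on any company, because the `company_users()` query filters only on `is_owner` and not on the company the request is acting in. If an account can own one company and be an ordinary member of another, both `destroy()` callers changed in this patch will refuse to detach it from the second company too. If that is the intended protection, it should be stated; otherwise the query needs a company constraint. The method also has no docblock next to a similarly named `isOwner()` with different semantics, so I would add `/** True if any company_user row of this user has is_owner set; unlike isOwner(), not read through token()->cu. */` to keep later authorisation checks from picking the wrong one.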
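Review bot: The early `return $user;` in `UserRepository::destroy()` refuses the delete silently, so a caller that does not repeat the `hasOwnerFlag()` check cannot tell a refused removal from whatever the rest of the method returns (the body continues outside this hunk). Since this guard is the last thing keeping an owner account from being removed through paths other than the controller, the refusal should be explicit: either throw an exception that callers handle, or at least document it with `// Owner accounts are never deleted here; the user is returned unchanged.`. A refused attempt to delete an owner is also worth a log entry so it shows up in an audit trail.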