From 5c091d86908c23930cfefeb470f1d0e5ccbcabf9 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Wed, 17 Dec 2025 15:31:57 +0000
Subject: [PATCH] DIsable delete button if user cannot delete the user

---
 app/Http/Transformers/UsersTransformer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Transformers/UsersTransformer.php b/app/Http/Transformers/UsersTransformer.php
index a717e0afc5..3d424b23c6 100644
--- a/app/Http/Transformers/UsersTransformer.php
+++ b/app/Http/Transformers/UsersTransformer.php
@@ -101,7 +101,7 @@ class UsersTransformer
 
         $permissions_array['available_actions'] = [
             'update' => (Gate::allows('update', User::class) && ($user->deleted_at == '')),
-            'delete' => $user->isDeletable(),
+            'delete' => ($user->isDeletable() && (auth()->user()->can('canEditAuthFields', $user) && auth()->user()->can('editableOnDemo'))),
             'clone' => (Gate::allows('create', User::class) && ($user->deleted_at == '')),
             'restore' => (Gate::allows('create', User::class) && ($user->deleted_at != '')),
         ];