From c71ed5b93ea697d99e983ac3e6157f479c54ecb6 Mon Sep 17 00:00:00 2001 From: Chinedu Okemiri Date: Sat, 20 Jun 2020 14:15:49 +0100 Subject: [PATCH] Updated Super Admin Modification Constraints --- app/Helpers/Qs.php | 6 ++++++ app/Http/Controllers/SupportTeam/UserController.php | 11 +++++++++++ 2 files changed, 17 insertions(+) diff --git a/app/Helpers/Qs.php b/app/Helpers/Qs.php index e044c17e..e6f61459 100644 --- a/app/Helpers/Qs.php +++ b/app/Helpers/Qs.php @@ -181,6 +181,12 @@ public static function getStaff($remove=[]) return $remove ? array_values(array_diff($data, $remove)) : $data; } + // Check if User is Head of Super Admins (Untouchable) + public static function headSA(int $user_id) + { + return $user_id === 1; + } + public static function userIsPTA() { return in_array(Auth::user()->user_type, self::getPTA()); diff --git a/app/Http/Controllers/SupportTeam/UserController.php b/app/Http/Controllers/SupportTeam/UserController.php index 14c6511e..c1a8347a 100644 --- a/app/Http/Controllers/SupportTeam/UserController.php +++ b/app/Http/Controllers/SupportTeam/UserController.php @@ -106,6 +106,12 @@ public function store(UserRequest $req) public function update(UserRequest $req, $id) { $id = Qs::decodeHash($id); + + // Redirect if Making Changes to Head of Super Admins + if(Qs::headSA($id)){ + return Qs::json(__('msg.denied'), FALSE); + } + $user = $this->user->find($id); $user_type = $user->user_type; @@ -161,6 +167,11 @@ public function destroy($id) { $id = Qs::decodeHash($id); + // Redirect if Making Changes to Head of Super Admins + if(Qs::headSA($id)){ + return Qs::json(__('msg.denied'), FALSE); + } + $user = $this->user->find($id); if($user->user_type == 'teacher' && $this->userTeachesSubject($user)) {
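Review bot: `headSA()` identifies the protected account by the literal primary key `1` and declares no return type, so the rule silently depends on the seeded head super admin always holding id 1. I would name the value and type the result: `public const HEAD_SA_ID = 1;` and `public static function headSA(int $user_id): bool { return $user_id === self::HEAD_SA_ID; }`. Because the parameter is typed `int`, a caller that passes a failed `Qs::decodeHash()` result would get a `TypeError` instead of a denial; what `decodeHash()` returns for an invalid hash is not visible in this patch, so that case is worth confirming.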
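Review bot: The comment above the new guard in `update()` says "Redirect", but the branch returns `Qs::json(__('msg.denied'), FALSE)`, so it should read something like `// Deny any change to the Head Super Admin account (JSON error, no redirect)`; the same comment is repeated in `destroy()`. The check is also copied inline into both actions, so the protection holds only for write paths that remember to repeat it. Any other action in this controller that changes a user (none are visible in this patch) would need it too. A single private helper, or a policy or middleware applied to the controller, would keep the rule in one place. `update()` continues past the end of the hunk.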
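Review bot: The denial in `destroy()` leaves no trace: an attempt to delete the head super admin is a security-relevant event, and the branch returns without recording who made it. I would log it before returning, for example `Log::warning('Denied delete of head super admin', ['actor' => Auth::id()]);`, assuming the `Log` and `Auth` facades are imported in this controller. If the rest of `destroy()` answers with redirects (its body runs past the hunk), a JSON body here will render as raw text for a normal form submit, so the response type should match the other branches.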