From 3e8b7d9c94a8486a3de1744a70bdcc45b49b4a7c Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 3 Aug 2017 19:49:41 -0700
Subject: [PATCH] Check for overall asset delete permissions before checking to see if the user can delete that specific asset
---
 app/Http/Controllers/Api/AssetsController.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php
index f7f6da409..b400a04e2 100644
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@@ -373,7 +373,10 @@ class AssetsController extends Controller
 */
 public function destroy($id)
 {
+ $this->authorize('delete', Asset::class);
+
 if ($asset = Asset::find($id)) {
+ $this->authorize('delete', $asset);
 DB::table('assets')