diff --git a/app/Http/Controllers/LocationsController.php b/app/Http/Controllers/LocationsController.php
index 9e0bd6bfb..da4e6a7e4 100755
--- a/app/Http/Controllers/LocationsController.php
+++ b/app/Http/Controllers/LocationsController.php
@@ -66,6 +66,7 @@ class LocationsController extends Controller
 public function store(ImageUploadRequest $request) : RedirectResponse
 {
 $this->authorize('create', Location::class);
+
 $location = new Location();
 $location->name = $request->input('name');
 $location->parent_id = $request->input('parent_id', null);
@@ -150,7 +151,7 @@ class LocationsController extends Controller
 if (Setting::getSettings()->scope_locations_fmcs) {
 $location->company_id = Company::getIdForCurrentUser($request->input('company_id'));
 // check if there are related objects with different company
- if (Helper::test_locations_fmcs(false, $locationId, $location->company_id)) {
+ if (Helper::test_locations_fmcs(false, $location->id, $location->company_id)) {
 return redirect()->back()->withInput()->withInput()->with('error', 'error scoped locations');
 }
 } else {
@@ -176,6 +177,7 @@ class LocationsController extends Controller
 public function destroy($locationId) : RedirectResponse
 {
 $this->authorize('delete', Location::class);
+
 if (is_null($location = Location::find($locationId))) {
 return redirect()->to(route('locations.index'))->with('error', trans('admin/locations/message.does_not_exist'));
 }
@@ -212,6 +214,8 @@ class LocationsController extends Controller
 */
 public function show(Location $location) : View | RedirectResponse
 {
+ $this->authorize('view', Location::class);
+
 $location = Location::withCount('assignedAssets as assigned_assets_count')
 ->withCount('assets as assets_count')
 ->withCount('rtd_assets as rtd_assets_count')
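Review bot: The check added at the top of show() authorizes against `Location::class`, so it only asks whether the user may view locations in general, even though the route-bound `$location` instance is already in hand on the signature line. The update hunk earlier in this file shows locations carry a `company_id` under `scope_locations_fmcs`, and a class-level ability cannot express "may view this company's location"; if LocationPolicy has an instance-aware `view`, pass the model instead: `$this->authorize('view', $location);`. If the policy only has the class-level form, the per-company check has to live either in the policy or on the `Location::withCount(...)` query that follows, which shows no company filter in the visible lines. The body of show() continues past the end of the hunk, so whether a scope is applied further down cannot be confirmed here.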
@@ -229,6 +233,8 @@ class LocationsController extends Controller
 public function print_assigned($id) : View | RedirectResponse
 {
+ $this->authorize('view', Location::class);
+
 if ($location = Location::where('id', $id)->first()) {
 $parent = Location::where('id', $location->parent_id)->first();
 $manager = User::where('id', $location->manager_id)->first();
@@ -313,6 +319,7 @@ class LocationsController extends Controller
 }
 public function print_all_assigned($id) : View | RedirectResponse
 {
+ $this->authorize('view', Location::class);
 if ($location = Location::where('id', $id)->first()) {
 $parent = Location::where('id', $location->parent_id)->first();
 $manager = User::where('id', $location->manager_id)->first();
@@ -339,6 +346,8 @@ class LocationsController extends Controller
 */
 public function postBulkDelete(Request $request) : View | RedirectResponse
 {
+ $this->authorize('update', Location::class);
+
 $locations_raw_array = $request->input('ids');
 // Make sure some IDs have been selected
@@ -372,6 +381,8 @@ class LocationsController extends Controller
 */
 public function postBulkDeleteStore(Request $request) : RedirectResponse
 {
+ $this->authorize('delete', Location::class);
+
 $locations_raw_array = $request->input('ids');
 if ((is_array($locations_raw_array)) && (count($locations_raw_array) > 0)) {
diff --git a/tests/Feature/Locations/Ui/ShowLocationTest.php b/tests/Feature/Locations/Ui/ShowLocationTest.php
index 394ed73f4..023ba06df 100644
--- a/tests/Feature/Locations/Ui/ShowLocationTest.php
+++ b/tests/Feature/Locations/Ui/ShowLocationTest.php
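Review bot: In print_assigned() the new `$this->authorize('view', Location::class)` is a class-level ability, and the lookup on the next context line is `Location::where('id', $id)->first()` with no company scope, so any user holding the location-view ability can print the asset list of any location id, including one belonging to another company when `scope_locations_fmcs` is enabled (the update hunk earlier in this file shows that scoping exists). Keep the class check where it is, so callers without the ability learn nothing about which ids exist, and add an instance check once the model is loaded: `if ($location = Location::where('id', $id)->first()) {` / `    $this->authorize('view', $location);`. The same applies to print_all_assigned() in the next hunk, where the added line also drops the blank line every other hunk keeps after the authorize call. Whether LocationPolicy's `view` is company-aware is not visible here and should be confirmed before relying on it; both method bodies continue past their hunks.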
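Review bot: postBulkDelete() is gated on the `update` ability while postBulkDeleteStore(), which performs the deletion, is gated on `delete`, so a user with update-but-not-delete rights reaches the bulk-delete confirmation view with the selected ids and only fails on submit. If this view exists purely as the confirmation step for postBulkDeleteStore, the two should agree: `$this->authorize('delete', Location::class);`. If the view is shared with a bulk-edit flow and `update` is intentional, a one-line comment such as `// update, not delete: this view is also the bulk-edit entry point` would stop the next reader from "fixing" it. The bodies of both methods continue past the hunk, so the note assumes no second check further down.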
@@ -14,4 +14,27 @@ class ShowLocationTest extends TestCase
 ->get(route('locations.show', Location::factory()->create()))
 ->assertOk();
 }
+
+ public function testDeniesAccessToRegularUser()
+ {
+ $this->actingAs(User::factory()->create())
+ ->get(route('locations.show', Location::factory()->create()))
+ ->assertStatus(403)
+ ->assertForbidden();
+ }
+
+ public function testDeniesPrintAccessToRegularUser()
+ {
+ $this->actingAs(User::factory()->create())
+ ->get(route('locations.print_all_assigned', Location::factory()->create()))
+ ->assertStatus(403)
+ ->assertForbidden();
+ }
+
+ public function testPageRendersForSuperAdmin()
+ {
+ $this->actingAs(User::factory()->superuser()->create())
+ ->get(route('locations.print_all_assigned', Location::factory()->create()))
+ ->assertOk();
+ }
 }
diff --git a/tests/Feature/Settings/LdapSettingsTest.php b/tests/Feature/Settings/LdapSettingsTest.php
index 154a44138..6d690fd89 100644
--- a/tests/Feature/Settings/LdapSettingsTest.php
+++ b/tests/Feature/Settings/LdapSettingsTest.php
@@ -51,8 +51,6 @@ class LdapSettingsTest extends TestCase
 ->assertSessionHasErrors([
 'ldap_username_field',
 'ldap_auth_filter_query',
- 'ldap_uname',
- 'ldap_pword',
 'ldap_basedn',
 'ldap_fname_field',
 'ldap_server',
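Review bot: The new tests cover `locations.show` and `locations.print_all_assigned` but not print_assigned(), postBulkDelete() or postBulkDeleteStore(), which received the same kind of authorize() call in this commit and are just as easy to regress; a parallel denial case for the single-location print route (presumably named `locations.print_assigned`) would close the most obvious gap: `->get(route('locations.print_assigned', Location::factory()->create()))` / `->assertForbidden();`. `->assertStatus(403)` immediately followed by `->assertForbidden()` is redundant, since the latter already asserts 403. `testPageRendersForSuperAdmin` no longer says which page it renders now that the class holds tests for two routes; `testPrintAllAssignedRendersForSuperAdmin` would. None of the tests exercise a user who holds the view permission but belongs to a different company than the location, which is exactly the case a class-level `authorize('view', Location::class)` does not distinguish.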