all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $uuid = trim((string) ($id ?? '')); if ($uuid === '') { Router::redirect('admin/tenants'); return; } $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); if (!$tenant) { if (Request::wantsJson()) { http_response_code(404); Router::json(['error' => 'not_found']); return; } Flash::error('Tenant not found', 'admin/tenants', 'tenant_not_found'); Router::redirect('admin/tenants'); return; } $currentUserId = (int) ($session['user']['id'] ?? 0); $tenantId = (int) ($tenant['id'] ?? 0); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_DELETE, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, ]); if (!$decision->isAllowed()) { if (Request::wantsJson()) { http_response_code($decision->status()); Router::json(['error' => $decision->error()]); return; } Router::redirect('error/forbidden'); return; } $result = app(\MintyPHP\Service\Tenant\TenantService::class)->deleteByUuid($uuid); if (!($result['ok'] ?? false)) { $error = $result['error'] ?? 'not_found'; $status = $result['status'] ?? 500; if (Request::wantsJson()) { http_response_code($status); Router::json(['error' => $error]); return; } if ($error === 'tenant_has_departments') { Flash::error('Tenant can not be deleted while departments are assigned', 'admin/tenants', 'tenant_has_departments'); Router::redirect('admin/tenants'); return; } Flash::error('Tenant not found', 'admin/tenants', 'tenant_not_found'); Router::redirect('admin/tenants'); return; } // Refresh session tenant data (removes deleted tenant, switches if it was current) if ($currentUserId > 0) { app(\MintyPHP\Service\Auth\AuthService::class)->loadTenantDataIntoSession($currentUserId); } if (Request::wantsJson()) { http_response_code(204); Router::json([]); return; } Flash::success('Tenant deleted', 'admin/tenants', 'tenant_deleted'); Router::redirect('admin/tenants');