diff --git a/app/Modules/Main/Http/Controllers/Company/RestoreAgentController.php b/app/Modules/Main/Http/Controllers/Company/RestoreAgentController.php
index f79c629..e7ec944 100644
--- a/app/Modules/Main/Http/Controllers/Company/RestoreAgentController.php
+++ b/app/Modules/Main/Http/Controllers/Company/RestoreAgentController.php
@@ -10,20 +10,13 @@
 class RestoreAgentController extends Controller
 {
- public function __invoke($agentId)
+ public function __invoke(Request $request, Agent $agent)
 {
- $agent = Agent::withTrashed()->find($agentId);
- $admin = CompanyAdmin::where('user_id', auth()->id())
- ->where(
- 'company_id',
- $agent->company_id
- );
- if (!$admin->count())
+ if ($request->user()->cannot('update', $agent->company))
 {
- abort(404);
- return;
+ abort(403, 'Unauthorized action');
 }
- if (!Agent::where('user_id', $agent->user->id)->count())
+ if ($agent->trashed())
 {
 $agent->restore();
 }
diff --git a/app/Modules/Main/Routes/web.php b/app/Modules/Main/Routes/web.php
index 09530f7..061a003 100644
--- a/app/Modules/Main/Routes/web.php
+++ b/app/Modules/Main/Routes/web.php
@@ -30,7 +30,7 @@
 Route::post('/companies/agents/store/', Modules\Main\Http\Controllers\Company\CreateAgentController::class)->name('company.agents.store');
 Route::post('/company/agents/{agent}/password/reset/', Modules\Main\Http\Controllers\Company\ResetAgentPasswordController::class)->name('company.agent.password.reset');
 Route::get('/company/agents/{agent}/delete', Modules\Main\Http\Controllers\Company\DeleteAgentController::class)->name('company.agents.delete')->withTrashed();
- Route::get('/company/agents/{agent}/restore', Modules\Main\Http\Controllers\Company\RestoreAgentController::class)->name('company.agents.restore');
+ Route::get('/company/agents/{agent}/restore', Modules\Main\Http\Controllers\Company\RestoreAgentController::class)->name('company.agents.restore')->withTrashed();
 });
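Review bot: The removed guard `Agent::where('user_id', $agent->user->id)->count()` skipped the restore when the same user already had a live agent row, and the new `if ($agent->trashed())` restores unconditionally, so one user may end up with two active agents; if that uniqueness still matters the condition could read `if ($agent->trashed() && !Agent::where('user_id', $agent->user_id)->exists())`. Access now rests entirely on the `update` ability for `$agent->company`, and that policy is not part of this diff, so it should be confirmed that it checks company-admin membership the way the removed `CompanyAdmin` query did. Answering 403 for another company's agent and 404 for a missing one also lets a caller tell which agent ids exist, which the old `abort(404)` did not. The body of `__invoke` continues past the end of the hunk.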
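Review bot: The restore route on the changed line is still registered with `Route::get`, so a state change is reachable through a plain link and, assuming this file is loaded under the `web` middleware group, is not covered by Laravel's CSRF check, which skips GET requests. Registering it as `Route::post('/company/agents/{agent}/restore', ...)->name('company.agents.restore')->withTrashed();` and submitting it from a form with `@csrf` would close that. The delete route on the context line just above has the same shape.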