From 82f1014407090b4f90210c352ddce3f158aa975b Mon Sep 17 00:00:00 2001 From: developer Date: Tue, 10 Mar 2026 23:10:14 +0800 Subject: [PATCH] =?UTF-8?q?fix!=20=D1=82=D0=B0=D0=B1=D0=BB=D0=B8=D1=86?= =?UTF-8?q?=D0=B0=20=D0=B0=D0=B3=D0=B5=D0=BD=D1=82=D0=BE=D0=B2=20=D0=B4?= =?UTF-8?q?=D0=BB=D1=8F=20=D0=BC=D0=B5=D0=BD=D0=B5=D0=B4=D0=B6=D0=B5=D1=80?= =?UTF-8?q?=D0=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Company/RestoreAgentController.php | 15 ++++----------- app/Modules/Main/Routes/web.php | 2 +- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/app/Modules/Main/Http/Controllers/Company/RestoreAgentController.php b/app/Modules/Main/Http/Controllers/Company/RestoreAgentController.php index f79c629..e7ec944 100644 --- a/app/Modules/Main/Http/Controllers/Company/RestoreAgentController.php +++ b/app/Modules/Main/Http/Controllers/Company/RestoreAgentController.php @@ -10,20 +10,13 @@ class RestoreAgentController extends Controller { - public function __invoke($agentId) + public function __invoke(Request $request, Agent $agent) { - $agent = Agent::withTrashed()->find($agentId); - $admin = CompanyAdmin::where('user_id', auth()->id()) - ->where( - 'company_id', - $agent->company_id - ); - if (!$admin->count()) + if ($request->user()->cannot('update', $agent->company)) { - abort(404); - return; + abort(403, 'Unauthorized action'); } - if (!Agent::where('user_id', $agent->user->id)->count()) + if ($agent->trashed()) { $agent->restore(); } diff --git a/app/Modules/Main/Routes/web.php b/app/Modules/Main/Routes/web.php index 09530f7..061a003 100644 --- a/app/Modules/Main/Routes/web.php +++ b/app/Modules/Main/Routes/web.php @@ -30,7 +30,7 @@ Route::post('/companies/agents/store/', Modules\Main\Http\Controllers\Company\CreateAgentController::class)->name('company.agents.store'); Route::post('/company/agents/{agent}/password/reset/', Modules\Main\Http\Controllers\Company\ResetAgentPasswordController::class)->name('company.agent.password.reset'); Route::get('/company/agents/{agent}/delete', Modules\Main\Http\Controllers\Company\DeleteAgentController::class)->name('company.agents.delete')->withTrashed(); - Route::get('/company/agents/{agent}/restore', Modules\Main\Http\Controllers\Company\RestoreAgentController::class)->name('company.agents.restore'); + Route::get('/company/agents/{agent}/restore', Modules\Main\Http\Controllers\Company\RestoreAgentController::class)->name('company.agents.restore')->withTrashed(); });