miguel456/athenahr
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: ensure invitation feature is properly gated to authorized users and guests

Browse Source 
Signed-off-by: Miguel Nogueira <me@nogueira.codes>
This commit is contained in:
Miguel Nogueira
2025-08-07 21:52:07 +01:00
parent f551576730
commit 927c9e6df0
2 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Http/Controllers/InvitationController.php
View File

@@ -20,6 +20,8 @@ class InvitationController extends Controller
{
public function index()
{
$this->authorize('viewAny', Invitation::class);
return view('dashboard.administration.invites', [
'invites' => Invitation::all()
]);
@@ -28,6 +30,8 @@ class InvitationController extends Controller
public function requestInvite(InvitationRequest $request)
{
$this->authorize('create', Invitation::class);
$guest = Auth::guest();
$invitation = new Invitation();
@@ -65,6 +69,8 @@ class InvitationController extends Controller
public function approveInvite(ApproveInviteRequest $request, Invitation $invitation)
{
$this->authorize('update', $invitation);
$approvableStates = [
'pending'
];
@@ -93,6 +99,8 @@ class InvitationController extends Controller
public function denyInvite(DenyInviteRequest $request, Invitation $invitation)
{
$this->authorize('update', $invitation);
$declinableStates = [
'pending'
];