wip #5873

diff --git a/src/app/Operations/LoginasOperation.php b/src/app/Operations/LoginasOperation.php
index 55df875772ec5083ad051909d3fa6c03cc7702ae..baaa820eebf43cfdc971e88053b80100f19ea2b8 100644 (file)
--- a/src/app/Operations/LoginasOperation.php
+++ b/src/app/Operations/LoginasOperation.php
@@ -2,6 +2,7 @@
 
 namespace Cubedesigners\UserDatabase\Operations;
 
+use Cubedesigners\UserDatabase\Models\Company;
 use Cubedesigners\UserDatabase\Models\User;
 use Illuminate\Support\Facades\Route;
 
@@ -20,7 +21,15 @@ trait LoginasOperation
     protected function loginas($id)
     {
         set_time_limit(0);
-        $user = User::find($id);
+        /** @var User $user */
+        $user = User::where('id', $id)->where('enabled', '1')->first();
+        if (null === $user) {
+            abort(404);
+        }
+        $company = Company::find($user->company);
+        if (null === $company || !$company->toolbox_access) {
+            abort(404);
+        }
         if (!$this->canLoginas($user)) {
             abort(403);
         }