From: Vincent Vanwaelscappel
Date: Tue, 6 Dec 2022 07:18:02 +0000 (+0100)
Subject: wip #5627 @0.5
X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=6e3e0b6c56c034698b44ebb5fcb1be38057b04af;p=cubedesigners_userdatabase.git
wip #5627 @0.5
---
diff --git a/src/app/Models/User.php b/src/app/Models/User.php
index d7afa13..9ad9c8d 100644
--- a/src/app/Models/User.php
+++ b/src/app/Models/User.php
@@ -218,8 +218,11 @@ class User extends CubistMagicAuthenticatable
 if (null === $user) {
 return false;
 }
+ if ($user->company == 7 && !$this->can('loginascube')) {
+ return false;
+ }
 /** @var $user self */
- return in_array($this->id, $user->getManagedUsers());
+ return in_array($user->id, $this->getManagedUsers());
 }
diff --git a/src/app/Operations/LoginasOperation.php b/src/app/Operations/LoginasOperation.php
index a384ac0..7fa5439 100644
--- a/src/app/Operations/LoginasOperation.php
+++ b/src/app/Operations/LoginasOperation.php
@@ -20,12 +20,15 @@ trait LoginasOperation
 protected function loginas($id)
 {
 $user = User::find($id);
+ if (!$this->canLoginas($user)) {
+ abort(403);
+ }
 backpack_auth()->login($user);
 return redirect('dashboard');
 }
 public function canLoginas($user)
 {
- return $this->isOwner($user);
+ return backpack_user()->isOwner($user);
 }
 }
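Review bot: The new guard compares `$user->company` to the bare literal `7` with `==`, so the rule that protects that company's accounts rests on an unexplained number and on loose type juggling. A named constant or config value with a strict comparison would make the intent auditable, e.g. `if ((int) $user->company === self::PROTECTED_COMPANY_ID && !$this->can('loginascube')) {` (the constant name is a placeholder). The `in_array()` call on the last changed line is also non-strict; passing `true` as the third argument is safer in an authorization check, provided `getManagedUsers()` returns ids of the same type as `$user->id`, which is not visible here. The method's signature lies outside the hunk.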
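Review bot: `loginas()` switches the session to another account without recording who did it, and impersonation is exactly the kind of action an audit trail should capture. A line before `backpack_auth()->login($user)` such as `Log::info('loginas', ['actor' => backpack_user()->id, 'target' => $user->id]);` would do, assuming the `Log` facade is imported in this file. Separately, `canLoginas()` calls `backpack_user()->isOwner($user)` with no null check, so if the route is ever reachable without the auth middleware (not visible in this hunk) it raises an error instead of denying; `$actor = backpack_user(); return $actor !== null && $actor->isOwner($user);` fails closed.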