From: Vincent Vanwaelscappel <vincent@cubedesigners.com>
Date: Fri, 21 Apr 2023 17:20:51 +0000 (+0200)
Subject: wip #5873
X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=88d28b5404ec572ffc86a0dd75ec5a3032e8e2c5;p=cubedesigners_userdatabase.git

wip #5873
---

diff --git a/src/app/Operations/LoginasOperation.php b/src/app/Operations/LoginasOperation.php
index 55df875..baaa820 100644
--- a/src/app/Operations/LoginasOperation.php
+++ b/src/app/Operations/LoginasOperation.php
@@ -2,6 +2,7 @@
 
 namespace Cubedesigners\UserDatabase\Operations;
 
+use Cubedesigners\UserDatabase\Models\Company;
 use Cubedesigners\UserDatabase\Models\User;
 use Illuminate\Support\Facades\Route;
 
@@ -20,7 +21,15 @@ trait LoginasOperation
     protected function loginas($id)
     {
         set_time_limit(0);
-        $user = User::find($id);
+        /** @var User $user */
+        $user = User::where('id', $id)->where('enabled', '1')->first();
+        if (null === $user) {
+            abort(404);
+        }
+        $company = Company::find($user->company);
+        if (null === $company || !$company->toolbox_access) {
+            abort(404);
+        }
         if (!$this->canLoginas($user)) {
             abort(403);
         }