diff --git a/src/app/Http/Controllers/API/V4/DomainsController.php b/src/app/Http/Controllers/API/V4/DomainsController.php --- a/src/app/Http/Controllers/API/V4/DomainsController.php +++ b/src/app/Http/Controllers/API/V4/DomainsController.php @@ -69,9 +69,9 @@ */ public function destroy($id) { - $domain = Domain::withEnvTenantContext()->find($id); + $domain = Domain::find($id); - if (empty($domain)) { + if (!$this->checkTenant($domain)) { return $this->errorResponse(404); } @@ -135,7 +135,9 @@ } } - if (empty($request->package) || !($package = \App\Package::withEnvTenantContext()->find($request->package))) { + if (empty($request->package) + || !($package = \App\Package::withObjectTenantContext($owner)->find($request->package)) + ) { $errors = ['package' => self::trans('validation.packagerequired')]; return response()->json(['status' => 'error', 'errors' => $errors], 422); } diff --git a/src/app/Http/Controllers/API/V4/UsersController.php b/src/app/Http/Controllers/API/V4/UsersController.php --- a/src/app/Http/Controllers/API/V4/UsersController.php +++ b/src/app/Http/Controllers/API/V4/UsersController.php @@ -230,7 +230,9 @@ return $error_response; } - if (empty($request->package) || !($package = \App\Package::withEnvTenantContext()->find($request->package))) { + if (empty($request->package) + || !($package = \App\Package::withObjectTenantContext($owner)->find($request->package)) + ) { $errors = ['package' => self::trans('validation.packagerequired')]; return response()->json(['status' => 'error', 'errors' => $errors], 422); } @@ -284,7 +286,11 @@ */ public function update(Request $request, $id) { - $user = User::withEnvTenantContext()->find($id); + $user = User::find($id); + + if (!$this->checkTenant($user)) { + return $this->errorResponse(404); + } if (empty($user)) { return $this->errorResponse(404);