From 06e9625c64328aa66f6b65b9e8d31f2496f95cb0 Mon Sep 17 00:00:00 2001
From: snipe
Date: Fri, 31 May 2024 06:58:07 +0100
Subject: [PATCH] Use hasUser() to avoid table collisions and infinite loop
Signed-off-by: snipe
---
 app/Models/Company.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/app/Models/Company.php b/app/Models/Company.php
index e0e1b8e872..f33992ef74 100644
--- a/app/Models/Company.php
+++ b/app/Models/Company.php
@@ -259,7 +259,7 @@ final class Company extends SnipeModel
 public static function scopeCompanyables($query, $column = 'company_id', $table_name = null)
 {
 // If not logged in and hitting this, assume we are on the command line and don't scope?'
- if (! static::isFullMultipleCompanySupportEnabled() || (Auth::check() && Auth::user()->isSuperUser()) || (! Auth::check())) {
+ if (! static::isFullMultipleCompanySupportEnabled() || (Auth::hasUser() && Auth::user()->isSuperUser()) || (! Auth::hasUser())) {
 return $query;
 } else {
 return static::scopeCompanyablesDirectly($query, $column, $table_name);
@@ -267,13 +267,16 @@ final class Company extends SnipeModel
 }
 /**
- * Scoping table queries, determining if a logged in user is part of a company, and only allows
+ * Scoping table queries, determining if a logged-in user is part of a company, and only allows
 * that user to see items associated with that company
+ *
+ * @see https://github.com/laravel/framework/pull/24518 for info on Auth::hasUser()
 */
 private static function scopeCompanyablesDirectly($query, $column = 'company_id', $table_name = null)
 {
- // Get the company ID of the logged in user, or set it to null if there is no company assicoated with the user
- if (Auth::user()) {
+
+ // Get the company ID of the logged-in user, or set it to null if there is no company associated with the user
+ if (Auth::hasUser()) {
 $company_id = Auth::user()->company_id;
 } else {
 $company_id = null;
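Review bot: `Auth::hasUser()` only reports whether the guard already holds a resolved user and, unlike `Auth::check()`, never tries to load one, so the `(! Auth::hasUser())` clause in `scopeCompanyables` now returns the unscoped `$query` for any query built before the guard has resolved the user, not only for command-line runs. The existing comment ("assume we are on the command line") no longer describes that condition, and with full multiple company support enabled the outcome is a fail-open on company filtering. I would reword it along the lines of `// hasUser() does not resolve the user: this branch is also taken on HTTP requests that query before the guard has loaded the user, and returns unscoped results`, and add a regression test asserting that a non-superuser request on each guard in use gets company-filtered rows. The same applies to the `if (Auth::hasUser())` check in the `scopeCompanyablesDirectly` hunk (-267), where an unresolved user becomes `$company_id = null`. Both function bodies continue outside their hunks.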
@@ -285,9 +288,8 @@ final class Company extends SnipeModel
 // If the column exists in the table, use it to scope the query
 if (\Schema::hasColumn($query->getModel()->getTable(), $column)) {
 return $query->where($table.$column, '=', $company_id);
- } else {
- return $query->join('users as users_comp', 'users_comp.id', 'user_id')->where('users_comp.company_id', '=', $company_id);
 }
+
 }
 /**
@@ -305,7 +307,7 @@ final class Company extends SnipeModel
 if (count($companyable_names) == 0) {
 throw new Exception('No Companyable Children to scope');
- } elseif (! static::isFullMultipleCompanySupportEnabled() || (Auth::check() && Auth::user()->isSuperUser())) {
+ } elseif (! static::isFullMultipleCompanySupportEnabled() || (Auth::hasUser() && Auth::user()->isSuperUser())) {
 return $query;
 } else {
 $f = function ($q) {
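Review bot: With the `else` branch removed in the -285 hunk, `scopeCompanyablesDirectly` falls off the end and returns `null` whenever `\Schema::hasColumn()` is false, so `scopeCompanyables` returns `null` as well and no company constraint is added for tables that lack the column. How callers use the return value is not visible here, but either a chained call on `null` fails or the query silently runs unscoped. Make the outcome explicit after the `if`, e.g. `return $query; // table has no company column: intentionally left unscoped`, or fail closed there if rows from such tables must not cross companies. The added blank line before the closing brace can be dropped.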