From 4b02db5031cb4e8f850a9ea942e99efe449c8895 Mon Sep 17 00:00:00 2001
From: Marcus Moore <contact@marcusmoore.io>
Date: Mon, 23 Sep 2024 16:26:22 -0700
Subject: [PATCH] Add authorization check in bulk users controller

---
 app/Http/Controllers/Users/BulkUsersController.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/Http/Controllers/Users/BulkUsersController.php b/app/Http/Controllers/Users/BulkUsersController.php
index 60d5bb3713..36b20973a7 100644
--- a/app/Http/Controllers/Users/BulkUsersController.php
+++ b/app/Http/Controllers/Users/BulkUsersController.php
@@ -99,6 +99,8 @@ class BulkUsersController extends Controller
                     ->withTrashed()
                     ->findMany($request->input('ids'));
 
+                $users->each(fn($user) => $this->authorize('view', $user));
+
                 return view('users.print')
                     ->with('users', $users)
                     ->with('settings', Setting::getSettings());