Added individual gates to keep response consistent with other company-ed things

Signed-off-by: snipe <snipe@snipe.net>

app/Http/Controllers/Users/UsersController.php

@@ -432,13 +432,15 @@ class UsersController extends Controller
      */
     public function show($userId = null)
     {
-
+        // Make sure the user can view users at all
-        // We can use the more generic auth check here since the company scoping is happening at the query level
         $this->authorize('view', User::class);
 
         $user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
         $user = Company::scopeCompanyables($user)->find($userId);
 
+        // Make sure they can view this particular user
+        $this->authorize('view', $user);
+
         if ($user) {
             $userlog = $user->userlog->load('item');
             return view('users/view', compact('user', 'userlog'))->with('settings', Setting::getSettings());
@@ -472,6 +474,10 @@ class UsersController extends Controller
         $user_to_clone = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
         $user_to_clone = Company::scopeCompanyables($user_to_clone)->find($id);
 
+        // Make sure they can view this particular user
+        $this->authorize('view', $user_to_clone);
+
+
         if ($user_to_clone) {
 
 
@@ -614,6 +620,10 @@ class UsersController extends Controller
     {
         $this->authorize('view', User::class);
         $show_user = Company::scopeCompanyables(User::where('id', $id)->withTrashed()->first());
+
+        // Make sure they can view this particular user
+        $this->authorize('view', $show_user);
+
         $assets = Asset::where('assigned_to', $id)->where('assigned_type', User::class)->with('model', 'model.category')->get();
         $accessories = $show_user->accessories()->get();
         $consumables = $show_user->consumables()->get();
@@ -638,16 +648,23 @@ class UsersController extends Controller
     {
         $this->authorize('view', User::class);
 
-        if (!$user = Company::scopeCompanyables(User::find($id))) {
+        $user = Company::scopeCompanyables(User::find($id));
-            return redirect()->back()
+
-                ->with('error', trans('admin/users/message.user_not_found', ['id' => $id]));
+        // Make sure they can view this particular user
-        }
+        $this->authorize('view', $user);
-        if (empty($user->email)) {
+
-            return redirect()->back()->with('error', trans('admin/users/message.user_has_no_email'));
+        if ($user) {
+
+            if (empty($user->email)) {
+                return redirect()->back()->with('error', trans('admin/users/message.user_has_no_email'));
+            }
+
+            $user->notify((new CurrentInventory($user)));
+            return redirect()->back()->with('success', trans('admin/users/general.user_notified'));
         }
 
-        $user->notify((new CurrentInventory($user)));
+        return redirect()->back()->with('error', trans('admin/users/message.user_not_found', ['id' => $id]));
-        return redirect()->back()->with('success', trans('admin/users/general.user_notified'));
+
     }
 
     /**
@@ -665,13 +682,13 @@ class UsersController extends Controller
             try {
 
                 Password::sendResetLink($credentials);
-
                 return redirect()->back()->with('success', trans('admin/users/message.password_reset_sent', ['email' => $user->email]));
+
             } catch (\Exception $e) {
-                return redirect()->back()->with('error', ' Error sending email. :( ');
+                return redirect()->back()->with('error', trans('general.error_sending_email'));
             }
         }
 
-        return redirect()->back()->with('error', 'User is not activated, is LDAP synced, or does not have an email address ');
+        return redirect()->back()->with('error', trans('general.pwd_reset_not_sent'));
     }
 }