diff --git a/app/Models/Company.php b/app/Models/Company.php index 567680d8f6..276824141f 100644 --- a/app/Models/Company.php +++ b/app/Models/Company.php @@ -131,7 +131,7 @@ final class Company extends SnipeModel public static function isCurrentUserHasAccess($companyable) { // When would this even happen tho?? - if (is_null($companyable)) { + if (!$companyable) { return false; } diff --git a/app/Policies/SnipePermissionsPolicy.php b/app/Policies/SnipePermissionsPolicy.php index 93d6074cdb..96c94cd776 100644 --- a/app/Policies/SnipePermissionsPolicy.php +++ b/app/Policies/SnipePermissionsPolicy.php @@ -52,6 +52,16 @@ abstract class SnipePermissionsPolicy return true; } + /** + * If we got here by $this→authorize('something', $actualModel) then we can continue on Il but if we got here + * via $this→authorize('something', Model::class) then calling Company:: isCurrentUserHasAccess($item) gets weird. + * Bail out here by returning "nothing" and allow the relevant method lower in this class to be called and handle authorization. + */ + if (!$item instanceof Model){ + return; + } + + /** * The Company::isCurrentUserHasAccess() method from the company model handles the check for FMCS already so we * don't have to do that here.