laravel / cashier-stripe

Laravel Cashier provides an expressive, fluent interface to Stripe's subscription billing services.
https://laravel.com/docs/billing
MIT License

Behaviour for finding an invoice has changed. #851

Closed johnRivs closed 4 years ago

johnRivs commented 4 years ago

Description:

Before 10.4, I used to rely on AccessDeniedHttpException to check if the invoice id belongs to a different customer. Now, this gets in the way. I went from $invoice = auth()->user()->findInvoiceOrFail($id); handling 404 and 403 to

try {
    $invoice = auth()->user()->negocio->findInvoiceOrFail($id);
} catch (Throwable $th) {
    abort_if(strpos($th->getMessage(), 'does not belong to this customer'), 403); // Generic exception
    abort_if(class_basename($th) === 'NotFoundHttpException', 404); // $th->getCode() doesn't return 404 ¯\_(ツ)_/¯
}

Are these changes intended?

Steps To Reproduce:

auth()->user()->findInvoiceOrFail($id); where $id either belongs to a different customer or is an invalid id.

driesvints commented 4 years ago

These changes are intended. You can't create an Invoice object of an invoice that doesn't belong to the passed owner.

johnRivs commented 4 years ago

I see. It's just weird that the way we have to interact with this now is kinda ugly.

driesvints commented 4 years ago

@johnRivs actually, upon a second look you're correct. The current behaviour is indeed broken. I'll try to fix it for the next patch release. Thanks for reporting.
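
The distinction this thread turns on, as an added example that is not from the issue or from Cashier's code base: an ownership-checked lookup that raises a distinct exception type for "not found" and for "belongs to another customer", so the caller maps to 404 or 403 by class instead of by message text. Every class, function and id below is a hypothetical stand-in, and the invoice data is constructed.

```php
<?php
// Added example: hypothetical stand-ins only, none of these names are Cashier's API.
declare(strict_types=1);

final class InvoiceNotFound extends RuntimeException {}
final class InvoiceOwnerMismatch extends RuntimeException {}

// Constructed sample data: invoice id => owning customer id.
const INVOICES = ['in_001' => 'cus_A', 'in_002' => 'cus_B'];

/** Look up an invoice and enforce ownership before anything is returned. */
function findInvoiceOrFail(string $customerId, string $invoiceId): array
{
    if (!array_key_exists($invoiceId, INVOICES)) {
        throw new InvoiceNotFound("Invoice {$invoiceId} was not found.");
    }
    if (INVOICES[$invoiceId] !== $customerId) {
        throw new InvoiceOwnerMismatch("Invoice {$invoiceId} does not belong to this customer.");
    }
    return ['id' => $invoiceId, 'customer' => $customerId];
}

/** Map the outcome to an HTTP status by exception type. */
function statusFor(string $customerId, string $invoiceId): int
{
    try {
        findInvoiceOrFail($customerId, $invoiceId);
        return 200;
    } catch (InvoiceOwnerMismatch $e) {
        return 403; // exists, but owned by someone else
    } catch (InvoiceNotFound $e) {
        return 404; // no such invoice
    }
}

/** Message matching, for contrast: a truthiness test on strpos() misses offset 0. */
function looksLikeOwnerMismatch(Throwable $e, bool $strict): bool
{
    $pos = strpos($e->getMessage(), 'does not belong to this customer');
    return $strict ? $pos !== false : (bool) $pos;
}

foreach ([['cus_A', 'in_001'], ['cus_A', 'in_002'], ['cus_A', 'in_999']] as [$customer, $invoice]) {
    printf("%s requesting %s => %d\n", $customer, $invoice, statusFor($customer, $invoice));
}

// Constructed message that starts with the matched phrase: the two checks disagree.
$e = new RuntimeException('does not belong to this customer: cus_B');
var_dump(looksLikeOwnerMismatch($e, false), looksLikeOwnerMismatch($e, true));
```

Typed exceptions keep the authorization decision independent of message wording, which can change between releases without notice.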