Closed johnRivs closed 4 years ago
These changes are intended. You can't create an Invoice object of an invoice that doesn't belong to the passed owner.
I see. It's just weird that the way we have to interact with this now is kinda ugly.
@johnRivs actually, upon a second look you're correct. The current behaviour is indeed broken. I'll try to fix it for the next patch release. Thanks for reporting.
Description:
Before 10.4, I used to rely on AccessDeniedHttpException to check if the invoice id belongs to a different customer. Now, this gets in the way. I went from
$invoice = auth()->user()->findInvoiceOrFail($id);
handling 404 and 403 to
Are these changes intended?
Steps To Reproduce:
auth()->user()->findInvoiceOrFail($id);
where $id either belongs to a different customer or is an invalid id.