Closed sirnails closed 3 months ago
Implement comprehensive authorization checks in QuoteController
authorizeUser method to QuoteController to ensure only authorized users can access or modify quotes.
create, add_item, edit_item, delete_item, show, edit_quote, move_item_up, move_item_down, print, deleteAllQuoteItems, deleteQuote
footer.php to reflect the changes related to authorized access checks.
Describe the bug
Creating a quote as one user can be seen by other users; this information should be protected.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
If the user viewing was not the user to create, the page should just list the authenticated user's quotes and not display the contents of a quote for other users.
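The ownership check this issue asks for, as an added example that is not code from this repository: only the names `QuoteController`, `authorizeUser` and `show` come from the page. The method signature, the `user_id` field, the in-memory `QUOTES` data and the `ownQuotes` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1); // requires PHP 8 (constructor property promotion)

// Constructed sample data: quote id => owner and contents (hypothetical schema).
const QUOTES = [
    1 => ['user_id' => 10, 'title' => 'Kitchen refit'],
    2 => ['user_id' => 20, 'title' => 'Roof repair'],
    3 => ['user_id' => 10, 'title' => 'Garden wall'],
];

final class QuoteController
{
    // The user id must come from the server-side session, never from the request.
    public function __construct(private int $currentUserId) {}

    // Hypothetical signature: true only when the quote exists and belongs to the
    // authenticated user. Missing and foreign quotes are treated alike so the
    // response does not reveal which quote ids exist.
    private function authorizeUser(int $quoteId): bool
    {
        $quote = QUOTES[$quoteId] ?? null;
        return $quote !== null && $quote['user_id'] === $this->currentUserId;
    }

    // Every action that accepts a quote id calls authorizeUser() before it
    // reads or changes the quote; show() stands in for the others here.
    public function show(int $quoteId): array
    {
        if (!$this->authorizeUser($quoteId)) {
            // Expected behaviour from the report: list the user's own quotes instead.
            return ['view' => 'list', 'quotes' => $this->ownQuotes()];
        }
        return ['view' => 'show', 'quote' => QUOTES[$quoteId]];
    }

    // Scope the listing to the authenticated user's rows only.
    private function ownQuotes(): array
    {
        return array_filter(QUOTES, fn(array $q): bool => $q['user_id'] === $this->currentUserId);
    }
}

$asUser20 = new QuoteController(20);
var_dump($asUser20->show(2)['view']);  // quote owned by user 20
var_dump($asUser20->show(1)['view']);  // quote owned by another user
var_dump($asUser20->show(99)['view']); // id that does not exist
```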