diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 9541d785c6e1..80f7ef90a6b6 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -195,7 +195,7 @@ class UserController extends BaseController
 public function destroy(DestroyUserRequest $request, User $user)
 {
 if ($user->isOwner()) {
- return response()->json(['message', 'Cannot detach owner.'], 400);
+ return response()->json(['message', 'Cannot detach owner.'], 401);
 }
 /* If the user passes the company user we archive the company user */
diff --git a/app/Http/Requests/Request.php b/app/Http/Requests/Request.php
index 6a35ed446adc..def035b0c98d 100644
--- a/app/Http/Requests/Request.php
+++ b/app/Http/Requests/Request.php
@@ -20,7 +20,7 @@ class Request extends FormRequest
 use MakesHash;
 use RuntimeFormRequest;
- protected $file_validation = 'sometimes|file|mimes:png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx,webp,xml|max:20000';
+ protected $file_validation = 'sometimes|file|mimes:png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx,webp,xml,zip|max:100000';
 /**
 * Get the validation rules that apply to the request.
 *
@@ -63,14 +63,20 @@ class Request extends FormRequest
 private function invoice_id($rules)
 {
- $rules['invoice_id'] = 'bail|nullable|sometimes|exists:invoices,id,company_id,'.auth()->user()->company()->id.',client_id,'.$this['client_id'];
+ /** @var \App\Models\User $user */
+ $user = auth()->user();
+
+ $rules['invoice_id'] = 'bail|nullable|sometimes|exists:invoices,id,company_id,'.$user->company()->id.',client_id,'.$this['client_id'];
 return $rules;
 }
 private function vendor_id($rules)
 {
- $rules['vendor_id'] = 'bail|nullable|sometimes|exists:vendors,id,company_id,'.auth()->user()->company()->id;
+ /** @var \App\Models\User $user */
+ $user = auth()->user();
+
+ $rules['vendor_id'] = 'bail|nullable|sometimes|exists:vendors,id,company_id,'.$user->company()->id;
 return $rules;
 }
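Review bot: 401 is the wrong status class for the owner guard in `destroy()`: the caller has already passed `DestroyUserRequest`, and the request is refused because of the target user, so API clients that read 401 as "credentials invalid" may drop the session or re-authenticate for no reason. A 403 (or 422) describes the refusal accurately. The same line passes a list, `['message', 'Cannot detach owner.']`, so the JSON body is a two-element array rather than an object with a `message` key; suggested line: `return response()->json(['message' => 'Cannot detach owner.'], 403);`. The body of `destroy()` continues past the end of the hunk.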
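Review bot: Adding `zip` and raising `max` from 20000 to 100000 on `$file_validation` loosens the upload policy for, presumably, every request class that reuses this property, and nothing in the hunk constrains what an archive may contain. Laravel's `max` on a file is in kilobytes, so the ceiling is now roughly 100 MB per file; PHP's `upload_max_filesize`/`post_max_size` and the web server body limit must agree with it, and the higher ceiling raises the cost of abusive uploads. The `mimes` rule checks only the container type, so archive entries (executables, nested archives, highly compressible data) are never looked at; any code that later extracts or previews these files needs entry-count and expanded-size limits. I would document this on the property, e.g. `// max is in KB (~100 MB); zip contents are not inspected - never extract server-side without limits`.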
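Review bot: The new `invoice_id` line still appends the request-supplied `$this['client_id']` to a `|`/`,`-delimited rule string, so delimiter characters in that field are parsed as rule syntax rather than as a value, and an absent field leaves an empty trailing parameter. Whether `client_id` is validated or decoded before this method runs is not visible in the hunk. The fluent builder keeps the value out of the rule grammar: `$rules['invoice_id'] = ['bail', 'nullable', 'sometimes', Rule::exists('invoices', 'id')->where('company_id', $user->company()->id)->where('client_id', $this['client_id'])];` (requires importing `Illuminate\Validation\Rule`, and an absent `client_id` should be handled explicitly). `vendor_id` concatenates only the server-side company id, so it is lower risk, but the same form would keep the two methods consistent.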
diff --git a/app/Http/Requests/User/DestroyUserRequest.php b/app/Http/Requests/User/DestroyUserRequest.php
index d2cb5125aad7..c5c50aa7c014 100644
--- a/app/Http/Requests/User/DestroyUserRequest.php
+++ b/app/Http/Requests/User/DestroyUserRequest.php
@@ -23,6 +23,9 @@ class DestroyUserRequest extends Request
 */
 public function authorize() : bool
 {
- return auth()->user()->isOwner();
+ /** @var \App\Models\User $user */
+ $user = auth()->user();
+
+ return $user->isOwner();
 }
 }
diff --git a/app/Http/Requests/User/ShowUserRequest.php b/app/Http/Requests/User/ShowUserRequest.php
index c49bf9a75590..4eb4fd6f3683 100644
--- a/app/Http/Requests/User/ShowUserRequest.php
+++ b/app/Http/Requests/User/ShowUserRequest.php
@@ -23,7 +23,9 @@ class ShowUserRequest extends Request
 */
 public function authorize() : bool
 {
- //return auth()->user()->can('view', $this->user);
- return auth()->user()->isAdmin();
+ /** @var \App\Models\User $user */
+ $user = auth()->user();
+
+ return $user->isAdmin();
 }
 }
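Review bot: `authorize()` in `DestroyUserRequest`, and likewise in the `ShowUserRequest` hunk below it, decides only on the caller's role (`isOwner()` / `isAdmin()`) and never consults the route-bound target user; the commit also drops the commented-out `can('view', $this->user)` line that pointed at a per-target check. Whether the target is limited to the caller's company by route binding or a policy is not visible in these hunks. If it is, a short comment would make that dependency explicit, e.g. `// Role gate only; the target user is scoped to the caller's company by <where this is enforced>`; if it is not, a policy check on the target is the missing piece. Separately, `auth()->user()` can return null and the `@var` annotation hides that from static analysis; `return $user !== null && $user->isOwner();` would fail closed.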