From c7f5a5cd9c9d8b4ada2b2bf894f555049d52830d Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Mon, 26 Mar 2018 22:31:24 +0300
Subject: [PATCH] =?UTF-8?q?Add=20check=20to=20prevent=20changing=20contact?= =?UTF-8?q?=E2=80=99s=20client=20id?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/Models/Client.php | 2 +-
 app/Models/Vendor.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/Models/Client.php b/app/Models/Client.php
index de128945adb3..24b45e131fc2 100644
--- a/app/Models/Client.php
+++ b/app/Models/Client.php
@@ -262,7 +262,7 @@ class Client extends EntityModel
 // check if this client wasRecentlyCreated to ensure a new contact is
 // always created even if the request includes a contact id
 if (! $this->wasRecentlyCreated && $publicId && $publicId != '-1') {
- $contact = Contact::scope($publicId)->firstOrFail();
+ $contact = Contact::scope($publicId)->whereClientId($this->id)->firstOrFail();
 } else {
 $contact = Contact::createNew();
 $contact->send_invoice = true;
diff --git a/app/Models/Vendor.php b/app/Models/Vendor.php
index 4f4a7112d33d..afc48afbc21f 100644
--- a/app/Models/Vendor.php
+++ b/app/Models/Vendor.php
@@ -216,8 +216,8 @@ class Vendor extends EntityModel
 {
 $publicId = isset($data['public_id']) ? $data['public_id'] : (isset($data['id']) ? $data['id'] : false);
- if ($publicId && $publicId != '-1') {
- $contact = VendorContact::scope($publicId)->firstOrFail();
+ if (! $this->wasRecentlyCreated && $publicId && $publicId != '-1') {
+ $contact = VendorContact::scope($publicId)->whereVendorId($this->id)->firstOrFail();
 } else {
 $contact = VendorContact::createNew();
 }
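Review bot: The `whereClientId($this->id)` filter added to the `firstOrFail()` lookup in app/Models/Client.php is the ownership check this commit exists for, yet the comment above the `if` still explains only the `wasRecentlyCreated` condition. I would add a line directly above the lookup, for example `// only load a contact that already belongs to this client; an id owned by another client must not be re-parented here`, so the filter is not dropped as redundant in a later refactor. The same comment is missing next to `whereVendorId($this->id)` in app/Models/Vendor.php. The enclosing method starts and ends outside the hunk, so how the exception from a mismatching id is reported to the caller cannot be judged from here.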
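Review bot: The `! $this->wasRecentlyCreated` condition added to the `if` in app/Models/Vendor.php has no explanation, whereas the identical condition in app/Models/Client.php carries a two-line comment. I would put the same comment above the `if` here: `// check if this vendor wasRecentlyCreated to ensure a new contact is always created even if the request includes a contact id`. As a smaller style point, writing the filter as `->where('vendor_id', $this->id)` instead of the dynamic `whereVendorId(...)` would keep the column name literal, so a search for `vendor_id` finds this access-control check. The method signature and the rest of the body lie outside the hunk.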