From ce1aea51466605e3bc8f001cdc9aad5059af24a8 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Thu, 16 Jun 2022 15:59:36 +1000
Subject: [PATCH] Docs
---
 app/Http/Requests/Account/UpdateAccountRequest.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/Http/Requests/Account/UpdateAccountRequest.php b/app/Http/Requests/Account/UpdateAccountRequest.php
index 9267bcefae2a..a3197f51ee63 100644
--- a/app/Http/Requests/Account/UpdateAccountRequest.php
+++ b/app/Http/Requests/Account/UpdateAccountRequest.php
@@ -26,7 +26,7 @@ class UpdateAccountRequest extends Request
 */
 public function authorize()
 {
- return auth()->user()->isAdmin() || auth()->user()->isOwner();
+ return (auth()->user()->isAdmin() || auth()->user()->isOwner()) && (int)$this->account->id === auth()->user()->account_id;
 }
 /**
@@ -41,6 +41,7 @@ class UpdateAccountRequest extends Request
 ];
 }
+ /* Only allow single field to update account table */
 protected function prepareForValidation()
 {
 $input = $this->all();
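Review bot: In `authorize()`, the new account-ownership check casts only the left operand, so `(int)$this->account->id === auth()->user()->account_id` denies every caller if `account_id` ever arrives as a string (that depends on the driver and model casts, which are not visible here); casting both sides, `(int) $this->account->id === (int) auth()->user()->account_id`, keeps the strict comparison without that dependency. The line also calls `auth()->user()` three times and presumably relies on auth middleware and route-model binding to make `$this->account` non-null, so a local `$user = auth()->user();` and a comment such as `// Admins/owners may only update their own account; rejects cross-account ids` would make the intent and its assumptions explicit. Because this is an access-control change shipped under the subject "Docs", a test asserting that an admin of one account is refused when the route targets another account would pin the behaviour and make the change visible in review history.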
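Review bot: The comment added above `prepareForValidation()` says only a single field may update the account table but does not name that field, and the method body continues outside this hunk, so the claim cannot be checked against the code from here. Since the comment describes an input allow-list (a guard against mass assignment), it would help to name the field and use the docblock form the file's other methods use, e.g. `/** Restrict request input to the one account field that may be updated: <field name>. */`.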