fix: fix bypass invitation (#5127)

monicahq · Apr 30, 2021 · d889475 · d889475
1 parent 3d66188
commit d889475
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
@@ -22,6 +22,7 @@
 use LaravelWebauthn\Models\WebauthnKey;
 use App\Http\Requests\InvitationRequest;
 use App\Services\Contact\Tag\DestroyTag;
+use App\Exceptions\AccountLimitException;
 use App\Services\Account\Settings\ResetAccount;
 use App\Services\Account\Settings\DestroyAccount;
 use PragmaRX\Google2FALaravel\Facade as Google2FA;
@@ -300,6 +301,10 @@ public function addUser()
      */
     public function inviteUser(InvitationRequest $request)
     {
+        if (AccountHelper::hasLimitations(auth()->user()->account)) {
+            throw new AccountLimitException();
+        }
+
         // Make sure the confirmation to invite has not been bypassed
         if (! $request->input('confirmation')) {
             return redirect()->back()->withErrors(trans('settings.users_error_please_confirm'))->withInput();