diff --git a/backend/app/Http/Actions/Orders/GetOrderAction.php b/backend/app/Http/Actions/Orders/GetOrderAction.php
index 0d399cacae..6947037904 100644
--- a/backend/app/Http/Actions/Orders/GetOrderAction.php
+++ b/backend/app/Http/Actions/Orders/GetOrderAction.php
@@ -4,8 +4,10 @@
 use HiEvents\DomainObjects\AttendeeDomainObject;
 use HiEvents\DomainObjects\EventDomainObject;
+use HiEvents\DomainObjects\Generated\OrderDomainObjectAbstract;
 use HiEvents\DomainObjects\OrderItemDomainObject;
 use HiEvents\DomainObjects\QuestionAndAnswerViewDomainObject;
+use HiEvents\Exceptions\ResourceNotFoundException;
 use HiEvents\Http\Actions\BaseAction;
 use HiEvents\Repository\Eloquent\Value\OrderAndDirection;
 use HiEvents\Repository\Eloquent\Value\Relationship;
@@ -22,6 +24,9 @@ public function __construct(OrderRepositoryInterface $orderRepository)
 $this->orderRepository = $orderRepository;
 }
+ /**
+ * @throws ResourceNotFoundException
+ */
 public function __invoke(int $eventId, int $orderId): JsonResponse
 {
 $this->isActionAuthorized($eventId, EventDomainObject::class);
@@ -32,7 +37,14 @@ public function __invoke(int $eventId, int $orderId): JsonResponse
 ->loadRelation(new Relationship(domainObject: QuestionAndAnswerViewDomainObject::class, orderAndDirections: [
 new OrderAndDirection(order: 'question_id'),
 ]))
- ->findById($orderId);
+ ->findFirstWhere([
+ OrderDomainObjectAbstract::ID => $orderId,
+ OrderDomainObjectAbstract::EVENT_ID => $eventId,
+ ]);
+
+ if ($order === null) {
+ throw new ResourceNotFoundException(__('Order not found'));
+ }
 return $this->resourceResponse(OrderResource::class, $order);
 }
diff --git a/backend/app/Http/Actions/Questions/GetQuestionAction.php b/backend/app/Http/Actions/Questions/GetQuestionAction.php
index 6701e7ce3f..6859f9549e 100644
--- a/backend/app/Http/Actions/Questions/GetQuestionAction.php
+++ b/backend/app/Http/Actions/Questions/GetQuestionAction.php
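Review bot: The `findFirstWhere` hunk keys its conditions on `OrderDomainObjectAbstract::ID` and `OrderDomainObjectAbstract::EVENT_ID`, whereas every handler hunk later in this commit (PartialEditAttendeeHandler, UpdateEventStatusHandler, EditOrganizerHandler, UpdateOrganizerStatusHandler, EditProductCategoryHandler, EditTaxHandler) spells the same columns as the literals `'id'`, `'event_id'` and `'account_id'`; the generated constants are the better convention for a tenancy filter, since a mistyped literal key is not caught by static analysis, so the other hunks would be worth aligning with this one (GetQuestionAction already follows it). Because the event-id condition is what turns a cross-event order id into a 404 rather than a disclosure, that intent deserves a line above `->findFirstWhere([`: `// scope by event as well as id: an order from another event must 404, not be returned`. The `@throws ResourceNotFoundException` docblock is a good addition; the same tag would help on the other new throw sites in the commit.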
@@ -3,7 +3,9 @@
 namespace HiEvents\Http\Actions\Questions;
 use HiEvents\DomainObjects\EventDomainObject;
+use HiEvents\DomainObjects\Generated\QuestionDomainObjectAbstract;
 use HiEvents\DomainObjects\ProductDomainObject;
+use HiEvents\Exceptions\ResourceNotFoundException;
 use HiEvents\Http\Actions\BaseAction;
 use HiEvents\Repository\Interfaces\QuestionRepositoryInterface;
 use HiEvents\Resources\Question\QuestionResource;
@@ -19,14 +21,24 @@ public function __construct(QuestionRepositoryInterface $questionRepository)
 $this->questionRepository = $questionRepository;
 }
+ /**
+ * @throws ResourceNotFoundException
+ */
 public function __invoke(Request $request, int $eventId, int $questionId): JsonResponse
 {
 $this->isActionAuthorized($eventId, EventDomainObject::class);
- $questions = $this->questionRepository
+ $question = $this->questionRepository
 ->loadRelation(ProductDomainObject::class)
- ->findById($questionId);
+ ->findFirstWhere([
+ QuestionDomainObjectAbstract::ID => $questionId,
+ QuestionDomainObjectAbstract::EVENT_ID => $eventId,
+ ]);
- return $this->resourceResponse(QuestionResource::class, $questions);
+ if ($question === null) {
+ throw new ResourceNotFoundException(__('Question not found'));
+ }
+
+ return $this->resourceResponse(QuestionResource::class, $question);
 }
 }
diff --git a/backend/app/Services/Application/Handlers/Attendee/PartialEditAttendeeHandler.php b/backend/app/Services/Application/Handlers/Attendee/PartialEditAttendeeHandler.php
index 0256ccd6bc..393dd0ecce 100644
--- a/backend/app/Services/Application/Handlers/Attendee/PartialEditAttendeeHandler.php
+++ b/backend/app/Services/Application/Handlers/Attendee/PartialEditAttendeeHandler.php
@@ -102,7 +102,14 @@ private function adjustEventStatistics(PartialEditAttendeeDTO $data, AttendeeDom
 {
 if ($data->status === AttendeeStatus::CANCELLED->name) {
 // Get the order to access the creation date for daily statistics
- $order = $this->orderRepository->findById($attendee->getOrderId());
+ $order = $this->orderRepository->findFirstWhere([
+ 'id' => $attendee->getOrderId(),
+ 'event_id' => $attendee->getEventId(),
+ ]);
+
+ if ($order === null) {
+ return;
+ }
 $this->eventStatisticsCancellationService->decrementForCancelledAttendee(
 eventId: $attendee->getEventId(),
diff --git a/backend/app/Services/Application/Handlers/Event/UpdateEventStatusHandler.php b/backend/app/Services/Application/Handlers/Event/UpdateEventStatusHandler.php
index 49c7bd46be..175e1e3045 100644
--- a/backend/app/Services/Application/Handlers/Event/UpdateEventStatusHandler.php
+++ b/backend/app/Services/Application/Handlers/Event/UpdateEventStatusHandler.php
@@ -49,7 +49,10 @@ private function updateEventStatus(UpdateEventStatusDTO $updateEventStatusDTO):
 $this->eventRepository->updateWhere(
 attributes: ['status' => $updateEventStatusDTO->status],
- where: ['id' => $updateEventStatusDTO->eventId]
+ where: [
+ 'id' => $updateEventStatusDTO->eventId,
+ 'account_id' => $updateEventStatusDTO->accountId,
+ ]
 );
 $this->logger->info('Event status updated', [
@@ -57,6 +60,9 @@ private function updateEventStatus(UpdateEventStatusDTO $updateEventStatusDTO):
 'status' => $updateEventStatusDTO->status
 ]);
- return $this->eventRepository->findById($updateEventStatusDTO->eventId);
+ return $this->eventRepository->findFirstWhere([
+ 'id' => $updateEventStatusDTO->eventId,
+ 'account_id' => $updateEventStatusDTO->accountId,
+ ]);
 }
 }
diff --git a/backend/app/Services/Application/Handlers/Organizer/EditOrganizerHandler.php b/backend/app/Services/Application/Handlers/Organizer/EditOrganizerHandler.php
index 7cf4927556..62e5c8fe50 100644
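Review bot: The new `if ($order === null) { return; }` silently skips the statistics decrement when the attendee's order is not found under the attendee's event, and nothing records that this happened; an attendee whose order does not belong to its event is a data-integrity anomaly rather than an expected state, so it should at least be logged before returning, e.g. `// order/event mismatch: skip the decrement but record it, since the event stats will now be off` followed by a warning on the handler's logger if it has one (not visible in this hunk). Consider whether throwing `ResourceNotFoundException`, as the action classes in this commit do, is the more honest outcome, since otherwise the cancellation proceeds while the event statistics stay unadjusted. `adjustEventStatistics` continues past the end of the hunk.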
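Review bot: In the second UpdateEventStatusHandler hunk the scoped `findFirstWhere` result is returned straight from `updateEventStatus`, whose declared return type is cut off in the hunk header but looks non-nullable; when the event id is not in the caller's account the `updateWhere` in the first hunk matches nothing, `'Event status updated'` is still logged, and the `null` surfaces as a TypeError (500) instead of a 404. Assign and check before returning: `$event = $this->eventRepository->findFirstWhere([...]);` / `if ($event === null) { throw new ResourceNotFoundException(__('Event not found')); }` / `return $event;` (importing the exception as the action classes in this commit do), or perform the scoped lookup before the write so the 404 precedes any update and the log line stays truthful. The same pattern appears in EditOrganizerHandler, UpdateOrganizerStatusHandler and EditProductCategoryHandler, and in EditTaxHandler, where the `/** @var TaxAndFeesDomainObject $tax */` annotation now hides a possible null that `$tax->getId()` dereferences on the following context line.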
--- a/backend/app/Services/Application/Handlers/Organizer/EditOrganizerHandler.php
+++ b/backend/app/Services/Application/Handlers/Organizer/EditOrganizerHandler.php
@@ -51,6 +51,9 @@ private function editOrganizer(EditOrganizerDTO $organizerData): OrganizerDomain
 return $this->organizerRepository
 ->loadRelation(ImageDomainObject::class)
- ->findById($organizerData->id);
+ ->findFirstWhere([
+ 'id' => $organizerData->id,
+ 'account_id' => $organizerData->account_id,
+ ]);
 }
 }
diff --git a/backend/app/Services/Application/Handlers/Organizer/UpdateOrganizerStatusHandler.php b/backend/app/Services/Application/Handlers/Organizer/UpdateOrganizerStatusHandler.php
index d82c628452..9042838bf7 100644
--- a/backend/app/Services/Application/Handlers/Organizer/UpdateOrganizerStatusHandler.php
+++ b/backend/app/Services/Application/Handlers/Organizer/UpdateOrganizerStatusHandler.php
@@ -48,7 +48,10 @@ private function updateOrganizerStatus(UpdateOrganizerStatusDTO $updateOrganizer
 $this->organizerRepository->updateWhere(
 attributes: ['status' => $updateOrganizerStatusDTO->status],
- where: ['id' => $updateOrganizerStatusDTO->organizerId]
+ where: [
+ 'id' => $updateOrganizerStatusDTO->organizerId,
+ 'account_id' => $updateOrganizerStatusDTO->accountId,
+ ]
 );
 $this->logger->info('Organizer status updated', [
@@ -56,6 +59,9 @@ private function updateOrganizerStatus(UpdateOrganizerStatusDTO $updateOrganizer
 'status' => $updateOrganizerStatusDTO->status
 ]);
- return $this->organizerRepository->findById($updateOrganizerStatusDTO->organizerId);
+ return $this->organizerRepository->findFirstWhere([
+ 'id' => $updateOrganizerStatusDTO->organizerId,
+ 'account_id' => $updateOrganizerStatusDTO->accountId,
+ ]);
 }
 }
diff --git a/backend/app/Services/Application/Handlers/ProductCategory/EditProductCategoryHandler.php b/backend/app/Services/Application/Handlers/ProductCategory/EditProductCategoryHandler.php
index 105adde141..574183a576 100644
--- a/backend/app/Services/Application/Handlers/ProductCategory/EditProductCategoryHandler.php
+++ b/backend/app/Services/Application/Handlers/ProductCategory/EditProductCategoryHandler.php
@@ -29,6 +29,9 @@ public function handle(UpsertProductCategoryDTO $dto): ProductCategoryDomainObje
 ],
 );
- return $this->productCategoryRepository->findById($dto->product_category_id);
+ return $this->productCategoryRepository->findFirstWhere([
+ 'id' => $dto->product_category_id,
+ 'event_id' => $dto->event_id,
+ ]);
 }
 }
diff --git a/backend/app/Services/Application/Handlers/TaxAndFee/EditTaxHandler.php b/backend/app/Services/Application/Handlers/TaxAndFee/EditTaxHandler.php
index d3a65a7888..50e1163a2f 100644
--- a/backend/app/Services/Application/Handlers/TaxAndFee/EditTaxHandler.php
+++ b/backend/app/Services/Application/Handlers/TaxAndFee/EditTaxHandler.php
@@ -61,7 +61,10 @@ public function handle(UpsertTaxDTO $data): TaxAndFeesDomainObject
 );
 /** @var TaxAndFeesDomainObject $tax */
- $tax = $this->taxRepository->findById($data->id);
+ $tax = $this->taxRepository->findFirstWhere([
+ 'id' => $data->id,
+ 'account_id' => $data->account_id,
+ ]);
 $this->logger->info('Updated tax', [
 'id' => $tax->getId(),
diff --git a/backend/app/Services/Application/Handlers/User/CancelEmailChangeHandler.php b/backend/app/Services/Application/Handlers/User/CancelEmailChangeHandler.php
index 330c8c4974..f4c086b20a 100644
--- a/backend/app/Services/Application/Handlers/User/CancelEmailChangeHandler.php
+++ b/backend/app/Services/Application/Handlers/User/CancelEmailChangeHandler.php
@@ -3,6 +3,7 @@
 namespace HiEvents\Services\Application\Handlers\User;
 use HiEvents\DomainObjects\UserDomainObject;
+use HiEvents\Exceptions\ResourceNotFoundException;
 use HiEvents\Repository\Interfaces\UserRepositoryInterface;
 use HiEvents\Services\Application\Handlers\User\DTO\CancelEmailChangeDTO;
 use Psr\Log\LoggerInterface;
@@ -24,6 +25,12 @@ public function __construct(
 public function handle(CancelEmailChangeDTO $data): UserDomainObject
 {
+ $user = $this->userRepository->findByIdAndAccountId($data->userId, $data->accountId);
+
+ if ($user === null) {
+ throw new ResourceNotFoundException(__('User not found'));
+ }
+
 $this->userRepository->updateWhere(
 attributes: [
 'pending_email' => null,
diff --git a/backend/app/Services/Application/Handlers/User/UpdateMeHandler.php b/backend/app/Services/Application/Handlers/User/UpdateMeHandler.php
index 0deba3033b..965a9257b6 100644
--- a/backend/app/Services/Application/Handlers/User/UpdateMeHandler.php
+++ b/backend/app/Services/Application/Handlers/User/UpdateMeHandler.php
@@ -88,15 +88,10 @@ private function isChangingEmail(UpdateMeDTO $updateUserData, UserDomainObject $
 private function getExistingUser(UpdateMeDTO $updateUserData): UserDomainObject
 {
- $existingUser = $this->userRepository->findFirstWhere([
- 'id' => $updateUserData->id,
- ]);
-
- if ($existingUser === null) {
- throw new ResourceNotFoundException();
- }
-
- return $existingUser;
+ return $this->userRepository->findByIdAndAccountId(
+ $updateUserData->id,
+ $updateUserData->account_id
+ );
 }
 private function sendEmailChangeConfirmation(UserDomainObject $existingUser): void
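Review bot: `$user` from the new `findByIdAndAccountId` call in CancelEmailChangeHandler is used only as an existence-and-ownership check and then discarded; the `updateWhere` that follows has its `where:` clause outside the hunk, and if it still filters on the user id alone the write is not scoped by account the way the read now is, so it is worth carrying `'account_id' => $data->accountId` into that clause as well so read and write agree. `findByIdAndAccountId` is not defined in this diff; its nullability matters because this hunk treats `null` as a possible result while UpdateMeHandler below assumes it is not. `handle` continues past the end of the hunk.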
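Review bot: Removing the null check from `getExistingUser` changes the failure mode: the method is declared to return `UserDomainObject`, and if `findByIdAndAccountId` can return `null` — which the `=== null` check added in CancelEmailChangeHandler in this same commit implies — an id outside the caller's account now produces a TypeError rather than the `ResourceNotFoundException` the old code threw. Keep the 404 path in a single expression: `return $this->userRepository->findByIdAndAccountId($updateUserData->id, $updateUserData->account_id) ?? throw new ResourceNotFoundException(__('User not found'));`. If the `ResourceNotFoundException` import is no longer referenced elsewhere in the file it otherwise becomes dead, which cannot be seen from this hunk.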