From ab1e259d0022ab4bac72d4f6b0de51988567a1c4 Mon Sep 17 00:00:00 2001
From: Alexis Saettler <alexis@saettler.org>
Date: Thu, 29 Apr 2021 23:22:08 +0200
Subject: [PATCH 1/2] fix: fix bypass invitation

---
 app/Http/Controllers/SettingsController.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index 48f0c81bfda..59bd5259a8a 100644
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers;
 
+use App\Exceptions\AccountLimitException;
 use App\Models\User\User;
 use App\Helpers\DateHelper;
 use Illuminate\Support\Str;
@@ -300,6 +301,10 @@ public function addUser()
      */
     public function inviteUser(InvitationRequest $request)
     {
+        if (AccountHelper::hasLimitations(auth()->user()->account)) {
+            throw new AccountLimitException();
+        }
+
         // Make sure the confirmation to invite has not been bypassed
         if (! $request->input('confirmation')) {
             return redirect()->back()->withErrors(trans('settings.users_error_please_confirm'))->withInput();

From 111afed8a3aca38d07e9606ca97cbc49fa4f7552 Mon Sep 17 00:00:00 2001
From: Alexis Saettler <asbiin@users.noreply.github.com>
Date: Thu, 29 Apr 2021 21:54:18 +0000
Subject: [PATCH 2/2] Apply fixes from StyleCI

---
 app/Http/Controllers/SettingsController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index 59bd5259a8a..118cdff8800 100644
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -2,7 +2,6 @@
 
 namespace App\Http\Controllers;
 
-use App\Exceptions\AccountLimitException;
 use App\Models\User\User;
 use App\Helpers\DateHelper;
 use Illuminate\Support\Str;
@@ -23,6 +22,7 @@
 use LaravelWebauthn\Models\WebauthnKey;
 use App\Http\Requests\InvitationRequest;
 use App\Services\Contact\Tag\DestroyTag;
+use App\Exceptions\AccountLimitException;
 use App\Services\Account\Settings\ResetAccount;
 use App\Services\Account\Settings\DestroyAccount;
 use PragmaRX\Google2FALaravel\Facade as Google2FA;