From dd85634fa83666f4b31ddb002f027db40b773773 Mon Sep 17 00:00:00 2001
From: brufdev <brufdev@proton.me>
Date: Wed, 2 Apr 2025 17:16:46 +0100
Subject: [PATCH] Fix collaboration permissions

---
 app/Policies/VaultNodePolicy.php |  5 ++++-
 app/Policies/VaultPolicy.php     | 10 ++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/app/Policies/VaultNodePolicy.php b/app/Policies/VaultNodePolicy.php
index 9e55eea..866122c 100644
--- a/app/Policies/VaultNodePolicy.php
+++ b/app/Policies/VaultNodePolicy.php
@@ -19,6 +19,9 @@ final readonly class VaultNodePolicy
         $vault = $node->vault;
 
         return $user->id === $vault->created_by ||
-            $vault->collaborators()->where('user_id', $user->id)->exists();
+            $vault->collaborators()
+                ->where('user_id', $user->id)
+                ->where('accepted', true)
+                ->exists();
     }
 }
diff --git a/app/Policies/VaultPolicy.php b/app/Policies/VaultPolicy.php
index 2480ba9..e0c174a 100644
--- a/app/Policies/VaultPolicy.php
+++ b/app/Policies/VaultPolicy.php
@@ -15,7 +15,10 @@ final readonly class VaultPolicy
     public function view(User $user, Vault $vault): bool
     {
         return $user->id === $vault->created_by ||
-            $vault->collaborators()->where('user_id', $user->id)->exists();
+            $vault->collaborators()
+                ->where('user_id', $user->id)
+                ->where('accepted', true)
+                ->exists();
     }
 
     /**
@@ -24,7 +27,10 @@ final readonly class VaultPolicy
     public function update(User $user, Vault $vault): bool
     {
         return $user->id === $vault->created_by ||
-            $vault->collaborators()->where('user_id', $user->id)->exists();
+            $vault->collaborators()
+                ->where('user_id', $user->id)
+                ->where('accepted', true)
+                ->exists();
     }
 
     /**