fix map-info-box display (#1104)

* fix map-info-box display

* Check user on PIREP show/edit/update/submit

* add missing use

* refactoring according to comments; use UpdatePirepRequest for authorization and make user available to view

Co-authored-by: Andreas Palm <ap@ewsp.de>
Co-authored-by: Nabeel S <nabeelio@users.noreply.github.com>

app/Http/Controllers/Frontend/PirepController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Frontend;
 
 use App\Contracts\Controller;
+use App\Exceptions\Unauthorized;
 use App\Http\Requests\CreatePirepRequest;
 use App\Http\Requests\UpdatePirepRequest;
 use App\Models\Enums\PirepSource;
@@ -26,6 +27,7 @@ use App\Services\UserService;
 use App\Support\Units\Fuel;
 use App\Support\Units\Time;
 use Carbon\Carbon;
+use Exception;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
@@ -211,6 +213,7 @@ class PirepController extends Controller
         return view('pireps.show', [
             'pirep'        => $pirep,
             'map_features' => $map_features,
+            'user'         => Auth::user(),
         ]);
     }
 
@@ -433,6 +436,9 @@ class PirepController extends Controller
             Flash::error('Pirep not found');
             return redirect(route('frontend.pireps.index'));
         }
+        if ($pirep->user_id !== Auth::id()) {
+            throw new Unauthorized(new Exception('You may not edit the PIREP of other users'));
+        }
 
         // Eager load the subfleet and fares under it
         if ($pirep->aircraft) {
@@ -543,6 +549,9 @@ class PirepController extends Controller
             Flash::error('PIREP not found');
             return redirect(route('admin.pireps.index'));
         }
+        if ($pirep->user_id !== Auth::id()) {
+            throw new Unauthorized(new Exception('You may not submit the PIREP of other users'));
+        }
 
         $this->pirepSvc->submit($pirep);
         return redirect(route('frontend.pireps.show', [$pirep->id]));