Fix the PIREP edit permissions

app/Http/Controllers/Frontend/PirepController.php

@@ -431,13 +431,16 @@ class PirepController extends Controller
      */
     public function edit($id)
     {
+        /** @var Pirep $pirep */
         $pirep = $this->pirepRepo->findWithoutFail($id);
         if (empty($pirep)) {
             Flash::error('Pirep not found');
             return redirect(route('frontend.pireps.index'));
         }
+
         if ($pirep->user_id !== Auth::id()) {
-            throw new Unauthorized(new Exception('You may not edit the PIREP of other users'));
+            Flash::error('Cannot edit someone else\'s PIREP!');
+            return redirect(route('admin.pireps.index'));
         }
 
         // Eager load the subfleet and fares under it
@@ -492,12 +495,21 @@ class PirepController extends Controller
      */
     public function update($id, UpdatePirepRequest $request)
     {
+        /** @var User $user */
+        $user = Auth::user();
+
+        /** @var Pirep $pirep */
         $pirep = $this->pirepRepo->findWithoutFail($id);
         if (empty($pirep)) {
             Flash::error('Pirep not found');
             return redirect(route('admin.pireps.index'));
         }
 
+        if ($user->id !== $pirep->user_id) {
+            Flash::error('Cannot edit someone else\'s PIREP!');
+            return redirect(route('admin.pireps.index'));
+        }
+
         $orig_route = $pirep->route;
         $attrs = $request->all();
         $attrs['submit'] = strtolower($attrs['submit']);
@@ -549,8 +561,10 @@ class PirepController extends Controller
             Flash::error('PIREP not found');
             return redirect(route('admin.pireps.index'));
         }
+
         if ($pirep->user_id !== Auth::id()) {
-            throw new Unauthorized(new Exception('You may not submit the PIREP of other users'));
+            Flash::error('Cannot edit someone else\'s PIREP!');
+            return redirect(route('admin.pireps.index'));
         }
 
         $this->pirepSvc->submit($pirep);

app/Http/Requests/UpdatePirepRequest.php

@@ -5,20 +5,10 @@ namespace App\Http\Requests;
 use App\Contracts\FormRequest;
 use App\Models\Pirep;
 use App\Repositories\PirepFieldRepository;
-use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 
 class UpdatePirepRequest extends FormRequest
 {
-    /**
-     * Is the user allowed to do this?
-     */
-    public function authorize(): bool
-    {
-        $pirep = Pirep::findOrFail($this->route('pirep'), ['user_id']);
-        return $pirep->user_id === Auth::id();
-    }
-
     /**
      * Get the validation rules that apply to the request.
      *