Fix authorisation for resellers to only see their own accounts

app/Models/Policies/AccountPolicy.php

@@ -11,7 +11,7 @@ class AccountPolicy
 	use HandlesAuthorization;
 
 	/**
-	 * Determine whether the user can view the service.
+	 * Determine whether the user can view the account.
 	 *
 	 * @param User    $uo
 	 * @param Account $ao
@@ -25,8 +25,8 @@ class AccountPolicy
 			// The user is the wholesaler
 			OR $uo->isWholesaler()
 
-			// The user is the reseller
-			OR  $uo->isReseller();
+			// The user has this as one of their accounts
+			OR $uo->accounts->pluck('id')->contains($ao->id);
 	}
 
 	/**