Fix authorisation for resellers to only see their own accounts

app/Models/Policies/UserPolicy.php

@@ -11,7 +11,7 @@ class UserPolicy
 	use HandlesAuthorization;
 
 	/**
-	 * Determine whether the user can view the service.
+	 * Determine whether the user can view the user details.
 	 *
 	 * @param User $uo
 	 * @param User $o
@@ -25,8 +25,8 @@ class UserPolicy
 			// The user is the wholesaler
 			OR $uo->isWholesaler()
 
-			// The user is the reseller
-			OR  $uo->isReseller();
+			// The user has this as one of their accounts
+			OR $uo->accounts->pluck('user')->pluck('id')->unique()->contains($o->id);
 	}
 
 	/**