fix delete photo

app/Http/Controllers/OrderController.php

@@ -585,16 +585,20 @@ class OrderController extends Controller
         return redirect()->route('order.show', $order)->with(['success' => 'Фотографии успешно загружены!']);
     }
 
-    public function deletePhoto(Order $order, File $file, FileService $fileService)
+    public function deletePhoto(int $order, File $file, FileService $fileService)
     {
+        $order = $this->findOrderWithoutYearScope($order);
+        abort_unless($order->photos()->whereKey($file->id)->exists(), 404);
+
         $order->photos()->detach($file);
         $fileService->deleteFileWithThumbnail($file);
         $file->delete();
         return redirect()->route('order.show', $order);
     }
 
-    public function deleteAllPhotos(Order $order, FileService $fileService)
+    public function deleteAllPhotos(int $order, FileService $fileService)
     {
+        $order = $this->findOrderWithoutYearScope($order);
         $files = $order->photos;
         $order->photos()->detach();
         foreach ($files as $file) {
@@ -627,16 +631,20 @@ class OrderController extends Controller
         return redirect()->route('order.show', $order)->with(['success' => 'Документы успешно загружены!']);
     }
 
-    public function deleteDocument(Order $order, File $file)
+    public function deleteDocument(int $order, File $file)
     {
+        $order = $this->findOrderWithoutYearScope($order);
+        abort_unless($order->documents()->whereKey($file->id)->exists(), 404);
+
         $order->documents()->detach($file);
         Storage::disk('public')->delete($file->path);
         $file->delete();
         return redirect()->route('order.show', $order);
     }
 
-    public function deleteAllDocuments(Order $order)
+    public function deleteAllDocuments(int $order)
     {
+        $order = $this->findOrderWithoutYearScope($order);
         $files = $order->documents;
         $order->documents()->detach();
         foreach ($files as $file) {
@@ -669,16 +677,20 @@ class OrderController extends Controller
         return redirect()->route('order.show', $order)->with(['success' => 'Ведомости успешно загружены!']);
     }
 
-    public function deleteStatement(Order $order, File $file)
+    public function deleteStatement(int $order, File $file)
     {
+        $order = $this->findOrderWithoutYearScope($order);
+        abort_unless($order->statements()->whereKey($file->id)->exists(), 404);
+
         $order->statements()->detach($file);
         Storage::disk('public')->delete($file->path);
         $file->delete();
         return redirect()->route('order.show', $order);
     }
 
-    public function deleteAllStatements(Order $order)
+    public function deleteAllStatements(int $order)
     {
+        $order = $this->findOrderWithoutYearScope($order);
         $files = $order->statements;
         $order->statements()->detach();
         foreach ($files as $file) {
@@ -688,6 +700,13 @@ class OrderController extends Controller
         return redirect()->route('order.show', $order);
     }
 
+    private function findOrderWithoutYearScope(int $orderId): Order
+    {
+        return Order::query()
+            ->withoutGlobalScope(\App\Models\Scopes\YearScope::class)
+            ->findOrFail($orderId);
+    }
+
     public function generateInstallationPack(Order $order)
     {
         $errors = $order->isAllMafConnected();