Enforce Bouncer authorization checks across resource controllers#2467

Open
bhavesh-018 wants to merge 8 commits into krayin:2.1 from bhavesh-018:fix/resource-authorization-bypass

Conversation


@bhavesh-018 bhavesh-018 commented Mar 10, 2026

Issue Reference

Fix #2462

Description

This PR fixes an authorization bypass vulnerability where certain controllers retrieved resources directly using findOrFail($id) without verifying that the current user is authorized to access them.

Although DataGrid queries correctly scoped records using:

bouncer()->getAuthorizedUserIds()

direct endpoints such as view, edit, update, destroy, print, and download could bypass these restrictions through direct URL access.

How To Test This?

1. Create Users

Create two users in the admin panel.

Example:

User    | Role
------- | ----------------------------------
User A  | Any role with resource permissions
User B  | Same role or another role

Ensure that the selected role has permissions configured for Leads, Persons, Quotes, and Activities.


2. Configure Role Permissions

Navigate to:
Settings → Roles → <Your Role>

Set the permissions for the following resources to: Individual

Select:

  • Leads
  • Persons
  • Quotes
  • Activities

This ensures that users can only access resources owned by themselves.


3. Create Test Resources

Create resources owned by different users.
Example:

Lead 1 → owned by User A
Lead 2 → owned by User B

Similarly create:

  • Persons
  • Quotes
  • Activities

assigned to different users.


4. Login as User A

Login as User A.

Verify that the list pages only show resources owned by User A.


Documentation

  • My pull request requires an update on the documentation repository.

Branch Selection

  • Target Branch: master

Tailwind Reordering

No Tailwind classes were modified.
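To make the bypass in the Description concrete, here is an added, dependency-free PHP sketch (not code from the krayin/krayin PR) of the "before" and "after" shape of a resource action: a `findOrFail($id)` lookup with no ownership check beside one that applies the same owner scope the DataGrid already uses. It assumes resources carry an owner in `user_id` and that `bouncer()->getAuthorizedUserIds()` returns the user IDs the caller may act for, or `null` when the role's permission type is unrestricted; both are modelled with stand-in functions here.

```php
<?php
// Added example, not Krayin's own code. Assumptions: an owner column `user_id`,
// and getAuthorizedUserIds() returning the allowed owner IDs or null for "all".

// Constructed sample data: leads owned by two different users (the test plan's
// "Lead 1 -> User A, Lead 2 -> User B").
$leads = [
    1 => ['id' => 1, 'title' => 'Lead 1', 'user_id' => 100], // owned by User A
    2 => ['id' => 2, 'title' => 'Lead 2', 'user_id' => 200], // owned by User B
];

// Stand-in for Model::findOrFail(): loads by primary key, no ownership check.
function findOrFail(array $table, int $id): array {
    if (!isset($table[$id])) {
        throw new RuntimeException("404: record $id not found");
    }
    return $table[$id];
}

// Stand-in for bouncer()->getAuthorizedUserIds() under the "Individual"
// permission type from the test plan: a user may only act for themselves.
function authorizedUserIds(int $currentUserId): ?array {
    return [$currentUserId];
}

// Vulnerable shape: any authenticated user can read any lead by changing $id.
function viewUnchecked(array $leads, int $currentUserId, int $id): array {
    return findOrFail($leads, $id);
}

// Hardened shape: after loading, verify the owner is within the caller's scope,
// mirroring the filter the DataGrid already applies to list pages.
function viewChecked(array $leads, int $currentUserId, int $id): array {
    $lead    = findOrFail($leads, $id);
    $allowed = authorizedUserIds($currentUserId);
    if ($allowed !== null && !in_array($lead['user_id'], $allowed, true)) {
        throw new RuntimeException('403: not authorized to access this resource');
    }
    return $lead;
}

// User A (id 100) requesting Lead 2, which belongs to User B: the unchecked
// action hands the record over, the checked one rejects the request.
echo viewUnchecked($leads, 100, 2)['title'], "\n";
try {
    viewChecked($leads, 100, 2);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The same guard belongs on every direct action the PR lists (view, edit, update, destroy, print, download), since a list page filtered by `getAuthorizedUserIds()` gives no protection when the record is reached by URL.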


Development

Successfully merging this pull request may close these issues.

Systemic IDOR: bouncer() authorization check missing on most controller methods