mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-22 09:53:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improved access control for part lists.

Browse source
This commit is contained in:
Jan Böhmer 2022-10-31 23:10:21 +01:00
parent d0f7949bc9
commit 3e85fc4d42
5 changed files with 68 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/Controller/PartListsController.php
View file

@ -175,6 +175,8 @@ class PartListsController extends AbstractController
*/
public function showCategory(Category $category, Request $request)
{
$this->denyAccessUnlessGranted('@categories.read');
return $this->showListWithFilter($request,
'Parts/lists/category_list.html.twig',
function (PartFilter $filter) use ($category) {
@ -195,6 +197,8 @@ class PartListsController extends AbstractController
*/
public function showFootprint(Footprint $footprint, Request $request)
{
$this->denyAccessUnlessGranted('@footprints.read');
return $this->showListWithFilter($request,
'Parts/lists/footprint_list.html.twig',
function (PartFilter $filter) use ($footprint) {
@ -215,6 +219,8 @@ class PartListsController extends AbstractController
*/
public function showManufacturer(Manufacturer $manufacturer, Request $request)
{
$this->denyAccessUnlessGranted('@manufacturers.read');
return $this->showListWithFilter($request,
'Parts/lists/manufacturer_list.html.twig',
function (PartFilter $filter) use ($manufacturer) {
@ -235,6 +241,8 @@ class PartListsController extends AbstractController
*/
public function showStorelocation(Storelocation $storelocation, Request $request)
{
$this->denyAccessUnlessGranted('@storelocations.read');
return $this->showListWithFilter($request,
'Parts/lists/store_location_list.html.twig',
function (PartFilter $filter) use ($storelocation) {
@ -255,6 +263,8 @@ class PartListsController extends AbstractController
*/
public function showSupplier(Supplier $supplier, Request $request)
{
$this->denyAccessUnlessGranted('@suppliers.read');
return $this->showListWithFilter($request,
'Parts/lists/supplier_list.html.twig',
function (PartFilter $filter) use ($supplier) {