Improved access control for part lists.

Jan Böhmer 2022-10-31 23:10:21 +01:00
parent d0f7949bc9
commit 3e85fc4d42
5 changed files with 68 additions and 36 deletions


@ -76,9 +76,11 @@ final class PartsTableActionHandler
switch ($action) {
case 'favorite':
$this->denyAccessUnlessGranted('change_favorite', $part);
$part->setFavorite(true);
break;
case 'unfavorite':
$this->denyAccessUnlessGranted('change_favorite', $part);
$part->setFavorite(false);
break;
case 'delete':
@ -86,19 +88,19 @@ final class PartsTableActionHandler
$this->entityManager->remove($part);
break;
case 'change_category':
$this->denyAccessUnlessGranted('category.edit', $part);
$this->denyAccessUnlessGranted('@categories.read');
$part->setCategory($this->entityManager->find(Category::class, $target_id));
break;
case 'change_footprint':
$this->denyAccessUnlessGranted('footprint.edit', $part);
$this->denyAccessUnlessGranted('@footprints.read');
$part->setFootprint(null === $target_id ? null : $this->entityManager->find(Footprint::class, $target_id));
break;
case 'change_manufacturer':
$this->denyAccessUnlessGranted('manufacturer.edit', $part);
$this->denyAccessUnlessGranted('@manufacturers.read');
$part->setManufacturer(null === $target_id ? null : $this->entityManager->find(Manufacturer::class, $target_id));
break;
case 'change_unit':
$this->denyAccessUnlessGranted('unit.edit', $part);
$this->denyAccessUnlessGranted('@measurement_units.read');
$part->setPartUnit(null === $target_id ? null : $this->entityManager->find(MeasurementUnit::class, $target_id));
break;
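Review bot: In the four `change_*` cases the subject-less checks such as `denyAccessUnlessGranted('@categories.read')` only establish that the user may read that entity type in general, so on their own they do not authorise modifying this particular `$part`. The rendered page has lost its +/- markers, so it is inferred from print order that these replace the `('category.edit', $part)` form. If so, confirm that an edit check on `$part` runs before the `switch` (outside the visible hunks), or keep both checks in each case. Separately, `find()` returns null for an unknown `$target_id`, so a stale or tampered id silently clears the footprint, manufacturer or unit, and passes null to `setCategory()`. Rejecting a non-null `$target_id` that resolves to no entity would make that fail loudly instead.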