mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-23 10:18:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Allow access to log detail page (only) if a user has permission to show_history of an entity

Browse source
This commit is contained in:
Jan Böhmer 2023-05-16 00:05:54 +02:00
parent 272684e7eb
commit 6a1aefa5a5
2 changed files with 28 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Controller/LogController.php
View file

@ -106,7 +106,7 @@ class LogController extends AbstractController
public function logDetails(Request $request, AbstractLogEntry $logEntry, LogEntryExtraFormatter $logEntryExtraFormatter,
LogLevelHelper $logLevelHelper, LogTargetHelper $logTargetHelper, EntityManagerInterface $entityManager): Response
{
$this->denyAccessUnlessGranted('read', $logEntry);
$this->denyAccessUnlessGranted('show_details', $logEntry);
$extra_html = $logEntryExtraFormatter->format($logEntry);
$target_html = $logTargetHelper->formatTarget($logEntry);