mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 17:39:06 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improved permission checking for certain controllers.

Browse source
This commit is contained in:
Jan Böhmer 2022-11-05 23:49:53 +01:00
parent a30b67e328
commit 78d1dff40f
3 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Controller/AttachmentFileController.php
View file

@ -131,7 +131,7 @@ class AttachmentFileController extends AbstractController
*/
public function attachmentsTable(Request $request, DataTableFactory $dataTableFactory, NodesListBuilder $nodesListBuilder)
{
$this->denyAccessUnlessGranted('read', new PartAttachment());
$this->denyAccessUnlessGranted('@attachments.list_attachments');
$formRequest = clone $request;
$formRequest->setMethod('GET');